In a scenario where I am using Auth0 as the service provider and a working SAML connection with an external identity provider, I want to get an access token that comes in as a JWT with an audience claim that is an API. identifier Right now it is an opaque, unencoded token (eg. access_token=Cj0Jil1FYm3lTa_o). My application relies on a JWT that has an “aud” claim with the corresponding audience.
My configuration within the “Edit SAMLP Identity Provider connection” modal looks like this:
Response Protocol:
OpenID Connect
Query Params:
redirect_uri=my_redirect&scope=openid email&response_type=id_token token&audience=my_audience_api_identifier