Access token is not JWT format

In my scenario, Auth0 is used for Amazon Alexa.
I use Alexa’s account linking function to get access token from Auth0, and then call my cloud API with the access token. But the access token cloud API received is not JWT format, and I could not check the permission. I knows I could call some Auth0’s API to get user profile to check permission, but I think it’s not good. Does anyone know how to make Auth0 return JWT format access token.
I just configured some setting in the Alexa 's configure page like API path, client ID etc. and did not do some coding. I am so confusing for this problem, and I hope someone could help me.

Hi @zhuangps.fnst,

Welcome to the Community!

In your Alexa’s configure page do you have a registered API identifier as the audience? In order to receive a JWT, you’ll have to register your API and then use the identifier for the audience in the client application.

Hi @stephanie.chamblee

Thank you for your reply.

As this is my first time to use Alexa to develop smart speaker function. I’m not sure the configure page in Alexa is what you mentioned. I just use this configure to get token from Auth0 successfully. But when I pass token to my cloud API, the cloud found that the token is not JWT format and can’t do other things. Could you have a look of my configure, and figure out where I make a mistake?

I don’t know where I should configure the audience, so I ask here.

I am so confusing that “Alexa Skill Setup” seems not configure for audience.

[Tutorial] How to set up Account Linking for Alexa with Auth0 and Jovo | Jovo

1 Like

I’m running into the same issue, a commenter mentioned “Set the default audience in your tenant settings” but I do not see how to set this any where.

Hey there @devdanyan welcome to the community!

You can set the default audience in your Tenant Settings or using the Management API.

1 Like

Thank you, I also found that I can add audience as parameter to the auth url in the alexa account linking settings page.

https://[your auth0 account].auth0.com/authorize?audience=[the identifier of API]

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.