Access token when obtained from iOS results in 401 unauthorized while from react-admin is ok

The problem was that audience was set when requesting access tokens from the react-admin, while I did not include this in the swift login implementation.

Decoding the JWT on jwt.io and the following thread lead to this conclusion.
https://community.auth0.com/t/access-token-too-short-jwt-malformed/9169/11?u=kennethphough

Adding the audience in the following code resulted in the correct jwt being returned and successful access to backend.

Auth0
    .authentication()
    .login(
        usernameOrEmail: self.email,
        password: self.password,
        realm: "Username-Password-Authentication",
        audience: "<YOUR_AUDIENCE>",     // <- This is what I forgot
        scope: "openid profile email"
)
1 Like