I would have imagined this to be pretty straightforward but since
- The audience within the API has to be the client id (SPA Client Id) when the SPA accesses the API and…
- The audience has to be the Identifier of the API when the M2M service accesses the API.
I can’t see how this can work, since the audiences need to be different when communicating with the SPA and when communicating with the M2M service.
Any help would be really appreciated,
John.
Here are the 3 places I set the tokens, which is my best guess, but it doesn’t work.
From within the service:
using Newtonsoft.Json;
using RestSharp;

// portalClient is a RestClient pointed at the Auth0 /oauth/token endpoint
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/json");
var body = JsonConvert.SerializeObject(new { client_id = serviceClientId, client_secret = serviceClientSecret, audience = apiId, grant_type = "client_credentials" });
request.AddParameter("application/json", body, ParameterType.RequestBody);
var response = portalClient.Execute(request);
dynamic token = JsonConvert.DeserializeObject(response.Content);
return (string)token.access_token;
From within the API:
AddJwtBearer(options =>
{
options.Authority = domain;
options.Audience = spaId;
options.Events = new JwtBearerEvents
{
OnTokenValidated = OnTokenValidatedSetUser
};
})
From within the SPA:
// keep the auth0 namespace intact; hold the WebAuth instance in its own variable
const webAuth = new auth0.WebAuth({
  domain: domain,
  clientID: spaId,
  redirectUri: "http://localhost:3000/callback",
  audience: apiId,
  responseType: "token id_token",
  scope: "openid email profile etc"
});
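As an added example, not code from the question above, here is how the ASP.NET Core JwtBearer handler can be told to accept more than one value in the token's "aud" claim, using TokenValidationParameters.ValidAudiences rather than the single options.Audience setting. The names domain, apiId and spaId are assumed to be the same configuration values the post uses, and OnTokenValidatedSetUser is stood in for by a placeholder.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

// Added example: one JwtBearer registration whose audience check accepts either
// of the two "aud" values described in the post. domain, apiId and spaId are
// assumed to be the same configuration values the question uses.
public static class JwtBearerAudienceSetup
{
    public static IServiceCollection AddApiJwtBearer(
        this IServiceCollection services, string domain, string apiId, string spaId)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // Authority drives discovery of the signing keys and of the expected issuer.
                options.Authority = domain;

                // Explicit validation parameters instead of the single options.Audience:
                // each listed value is compared exactly against the token's "aud" claim,
                // any match passes, and a token minted for any other audience is rejected.
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateAudience = true,
                    ValidAudiences = new[] { apiId, spaId },
                    ValidateIssuer = true,    // issuer is taken from the discovery document
                    ValidateLifetime = true,  // reject expired or not-yet-valid tokens
                    ClockSkew = TimeSpan.FromMinutes(1)
                };

                options.Events = new JwtBearerEvents
                {
                    OnTokenValidated = OnTokenValidatedSetUser,
                    // Surface audience/issuer/signature failures to the API's logs so a
                    // token presented to the wrong audience is visible rather than silent.
                    OnAuthenticationFailed = context =>
                    {
                        Console.Error.WriteLine($"JWT rejected: {context.Exception.Message}");
                        return Task.CompletedTask;
                    }
                };
            });

        return services;
    }

    // Placeholder standing in for the question's own OnTokenValidatedSetUser handler.
    private static Task OnTokenValidatedSetUser(TokenValidatedContext context)
        => Task.CompletedTask;
}
```

Keeping ValidateAudience enabled with an explicit list preserves an exact-match check on every token; disabling audience validation to make both callers work would let a token issued for any other resource be accepted by this API. The failure hook is the natural place to count audience mismatches when diagnosing which caller's tokens are being rejected.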