Aud values in token seems wrong

i have been working to setup a dot net maui application that needs to call a rest web api.
i started with the blog article and had that working and as i move to get the real app working i am having an issue that is confusing me:

i am setting one value for audience based on the blog.
in the access token i has 2 values.

in places i am reading that audience can only have one value.

in other places i am reading seem to say that the second value is normal and will be in the token.

the second value that i think is making my api return not authorized is like this:

“https://[my-domain].us.auth0.com/userinfo”

i am going to go back to the sample app and see if that is happening there also…
and does it fail or work…

but this still leaves me with the question: why is my audience value getting two strings when i only put in one ? is that normal ?

This is completely normal and expected behavior - The 2nd audience (“https://[my-domain].us.auth0.com/userinfo”) is automatically added and can be used against the /userinfo endpoint.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.