Since upgrading to Auth0-PHP 7 to satisfy the sameSite with secure cookie flags, I’m receiving the an Audience (aud) claim mismatch in the ID token error when trying to run
The full error is Audience (aud) claim mismatch in the ID token; expected “MY_CLIENT_ID” was not one of “https://MY_CLIENT_DOMAIN/api/v2/, https://MY_CLIENT_DOMAIN/userinfo”
When I enter the token stored in $idToken at jwt.io for verification, it comes back as valid. I realise I will probably have to provide more info, just not sure what to include.
I am using @auth0/auth0-spa-js 1.6.3 in an Angular 8 app on the front end, redirecting to the Auth0 hosted login page. The token that is issued is then processed by AUTH0-PHP 7.0… That’s where I get the 500 error.
One item I found that might be a clue is an open issue for Auth0-PHP: https://github.com/auth0/auth0-PHP/issues/422
Happy to provide more details, or receive any clues on how to configure this setup to get things working.