Auth0 django-rest-framework invalid audience inside jwt_decode_token method

Get Help
, , , ,
1

I am trying to validate the access token from the api, everything works well except token validation. The react.js and drf are running on localhost. Therefore the audience is http://localhost/8000.

def jwt_decode_token(token):
    header = jwt.get_unverified_header(token)
    jwks = requests.get('https://{}/.well-known/jwks.json'.format('domain')).json()
    public_key = None
    for jwk in jwks['keys']:
        if jwk['kid'] == header['kid']:
            public_key = jwt.algorithms.RSAAlgorithm.from_jwk(json.dumps(jwk))

    if public_key is None:
        raise Exception('Public key not found.')

    issuer = 'https://{}/'.format('domain')
    return jwt.decode(token, public_key, audience='http://localhost/8000', issuer=issuer, algorithms=['RS256'])

error

jwt.exceptions.InvalidAudienceError: Invalid audience
3

Hi @snurfer0,

Thanks for reaching out to the Auth0 Community!

I understand that you’ve been having trouble when trying to decode the API token, specifically with the Invalid audience error.

The audience should be a legitimate resource such as your API identifier or the Management API v2 identifier. Please take a look at our Get Access Tokens docs for more details.

In this case, you’ll need to use https://YOUR_DOMAIN.REGION.auth0.com/api/v2/ as the audience.

I have tested this myself and could decode my API token without any issues.

Please let me know how this works for you.

Thank you.