Auth0 django-rest-framework invalid audience inside jwt_decode_token method

I am trying to validate the access token from the API; everything works well except token validation. The React.js app and DRF are running on localhost. Therefore the audience is http://localhost/8000.

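import json

import jwt
import requests


def jwt_decode_token(token):
    # Read the header without verifying it, only to find the signing key id (kid).
    header = jwt.get_unverified_header(token)
    # Fetch the tenant's public signing keys (JWKS).
    jwks = requests.get('https://{}/.well-known/jwks.json'.format('domain')).json()
    public_key = None
    for jwk in jwks['keys']:
        if jwk['kid'] == header['kid']:
            public_key = jwt.algorithms.RSAAlgorithm.from_jwk(json.dumps(jwk))

    if public_key is None:
        raise Exception('Public key not found.')

    issuer = 'https://{}/'.format('domain')
    # Verifies signature, issuer and audience; raises InvalidAudienceError when
    # `audience` is not among the token's aud values.
    return jwt.decode(token, public_key, audience='http://localhost/8000', issuer=issuer, algorithms=['RS256'])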

Error:

jwt.exceptions.InvalidAudienceError: Invalid audience

Hi @snurfer0,

Thanks for reaching out to the Auth0 Community!

I understand that you’ve been having trouble when trying to decode the API token, specifically with the Invalid audience error.

The audience should be a legitimate resource such as your API identifier or the Management API v2 identifier. Please take a look at our Get Access Tokens docs for more details.

In this case, you’ll need to use https://YOUR_DOMAIN.REGION.auth0.com/api/v2/ as the audience.

I have tested this myself and could decode my API token without any issues.

Please let me know how this works for you.

Thank you.
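
The audience mismatch discussed in this thread, as an added example (not code from the original post or from Auth0): a standard-library helper that reads a token's aud claim without verifying the signature, so it can be compared with the value passed to jwt.decode. The function names, the example.test URLs and the sample token are constructed for illustration.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def unverified_audiences(token: str) -> list:
    """Return the token's aud claim as a list WITHOUT verifying the signature.

    Diagnostic use only: the result must never drive an authorization decision.
    """
    try:
        _header, payload, _sig = token.split(".")
        claims = json.loads(_b64url_decode(payload))
        if not isinstance(claims, dict):
            raise ValueError("payload is not a JSON object")
    except (ValueError, TypeError) as exc:
        raise ValueError("not a compact JWS with a JSON payload") from exc
    aud = claims.get("aud", [])
    # RFC 7519 allows aud to be a single string or an array of strings.
    return [aud] if isinstance(aud, str) else list(aud)


def explain_audience(token: str, expected: str) -> str:
    """Say whether `expected` would pass an exact-match audience check."""
    audiences = unverified_audiences(token)
    if not audiences:
        return "token has no aud claim"
    if expected in audiences:
        return "match"
    # The comparison is an exact string match, so a slash or port typo fails.
    return "mismatch: token aud={!r}, expected={!r}".format(audiences, expected)


def make_sample_token(aud) -> str:
    # Constructed sample: hypothetical claims and a placeholder signature.
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps({"aud": aud}).encode())
    return "{}.{}.{}".format(header, payload, _b64url_encode(b"placeholder"))


if __name__ == "__main__":
    sample = make_sample_token(["https://api.example.test", "https://tenant.example.test/userinfo"])
    print(explain_audience(sample, "http://localhost/8000"))
    print(explain_audience(sample, "https://api.example.test"))
```

Running the helper on a real access token shows which string to pass as `audience`; the verified `jwt.decode` call remains the only check that authorizes a request.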
