Hello,
I followed the Auth0 documentation for setting up authentication on a .net core project. Code is below. The domain config setting points to the XXXX.us.auth0.com domain from the application and the audience points to the management API identifier https://XXX.us.auth0.com/api/v2/ per the documentation. I see other posting on this forum and they have the audience set to the local url, for example .net core API error of "Invalid token" for second Auth0 development environment. When I add the [Authorize] filter I get invalid token error. I can verify the token header is there, passed from a next.js server with the const user = await getSession(req, res); and using the user.idToken property.
Can someone verify what the audience should be, or help with what might be the issue could be.
Update - If I change the next.js server to pass the user.accessToken, same error. invalid token.
Thank you!
var domain = $"https://{builder.Configuration["Auth0:Domain"]}/";
builder.Services.AddAuthentication(options => {
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.Authority = domain;
options.Audience = builder.Configuration["Auth0:Audience"];
});