Auth0 .net core authorize filter returns invalid token error

Hello,

I followed the Auth0 documentation for setting up authentication on a .net core project. Code is below. The domain config setting points to the XXXX.us.auth0.com domain from the application and the audience points to the management API identifier https://XXX.us.auth0.com/api/v2/ per the documentation. I see other postings on this forum and they have the audience set to the local url, for example .net core API error of "Invalid token" for second Auth0 development environment. When I add the [Authorize] filter I get an invalid token error. I can verify the token header is there, passed from a next.js server with const user = await getSession(req, res); and using the user.idToken property.

Can someone verify what the audience should be, or help with what the issue might be?

Update - If I change the next.js server to pass the user.accessToken, same error. invalid token.

Thank you!

using Microsoft.AspNetCore.Authentication.JwtBearer;

// Auth0 tenant URL, trailing slash included
var domain = $"https://{builder.Configuration["Auth0:Domain"]}/";
builder.Services.AddAuthentication(options => {
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
    // Used to discover the tenant's signing keys and issuer
    options.Authority = domain;
    // Compared against the aud claim of the incoming token
    options.Audience = builder.Configuration["Auth0:Audience"];
});

Hi,

It’s not the Management API, it’s your backend application’s API. If you sign into Auth0, go to Applications → APIs. Your list of APIs should include the Management API (if you use that) and your backend application’s API. If it doesn’t, you need to set one up by clicking Create API. Just like the listing for the Management API, once created, your application’s API will list the audience, which is an identifier, which (if memory serves) is set by default when you create it and looks like https://{your app name}.api.com
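
A troubleshooting sketch for the audience mismatch discussed in this thread, added here and not taken from either poster or from Auth0: run on the Next.js side, it decodes a token's claims (without verifying the signature, so for diagnosis only) and reports why the API's audience check would reject it. The tenant, client ID and API identifier are constructed placeholders, and `diagnoseToken` and `sampleToken` are hypothetical helper names.

```javascript
// Added example. Decodes JWT claims WITHOUT verifying the signature:
// for troubleshooting only, never for an authorization decision.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Builds an unsigned, constructed sample token (placeholder signature).
const sampleToken = (claims) =>
  `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}.sig`;

function decodeClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null; // opaque or malformed token
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch (e) {
    return null;
  }
}

// expected: { issuer, audience, clientId } (hypothetical shape)
function diagnoseToken(token, expected) {
  const claims = decodeClaims(token);
  if (!claims) return 'not-a-jwt';
  const aud = claims.aud == null ? [] : [].concat(claims.aud); // string or array
  if (claims.iss !== expected.issuer) return 'issuer-mismatch';
  if (aud.includes(expected.audience)) return 'audience-ok';
  if (aud.includes(expected.clientId)) return 'id-token-sent';
  if (aud.some((a) => String(a).endsWith('/api/v2/'))) return 'management-api-audience';
  return 'audience-mismatch';
}

// Constructed placeholder values, not real identifiers.
const expected = {
  issuer: 'https://example-tenant.us.auth0.com/', // Authority, trailing slash included
  audience: 'https://my-backend.example/api',     // identifier of the backend's own API
  clientId: 'CONSTRUCTED_CLIENT_ID',
};
const iss = expected.issuer;
const samples = {
  idToken: sampleToken({ iss, aud: expected.clientId }),
  mgmtToken: sampleToken({ iss, aud: `${iss}api/v2/` }),
  apiToken: sampleToken({ iss, aud: [expected.audience, `${iss}userinfo`] }),
};
for (const [name, tok] of Object.entries(samples)) {
  console.log(name, '->', diagnoseToken(tok, expected));
}
```

An ID token carries the application's client ID as its audience, so it falls into the `id-token-sent` case no matter how the API's audience is configured.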
