I have the following flow for my single page web app:
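```javascript
// Request an access token from Auth0 for the given audience and scopes
const access_token = await getAccessTokenSilently({
  audience: 'https://dev-********.us.auth0.com',
  scope: ['read:users', 'read:user_idp_tokens'],
});
console.log("Access token: " + access_token)

// Fetch the full user profile (including identities) from the Auth0 Management API
const userResponse = await fetch("https://dev-********.us.auth0.com/api/v2/users/" + user.sub + "?include_fields=true", {
  headers: {
    Authorization: `Bearer ${access_token}`
  }
})
// fetch() resolves to a Response object, so the JSON body has to be parsed first
const userWithToken = await userResponse.json()

// Identity-provider (GitHub) access token stored on the user's first identity
const token = userWithToken.identities[0].access_token
console.log("Token:" + token)

// Call the GitHub API with the identity-provider token
const response = await fetch('https://api.github.com/users/' + user.nickname + '/repos', {
  headers: {
    Accept: `application/vnd.github+json`,
    Authorization: `token ${token}`,
  },
});
console.log(response)
```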
The problem is that call to `https://dev-********.us.auth0.com/api/v2/users/` always fails. Either with `401 Bad audience` error (if I specify `https://api.github.com/` as an audience when doing `getAccessTokenSilently`) or `Consent is required` (if I specify `https://dev-********.us.auth0.com/api/v2/` as an audience) or plain 400 (if I call `getAccessTokenSilently` without audience or any params).
How do I make this work?
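
Added example, not part of the original post: a diagnostic helper that decodes an access token and compares its `aud` and `scope` claims with what the API being called expects, so an audience or scope mismatch can be seen before the request is sent. The function names, the `tenant.example` host and the sample token are constructed for illustration; the token is only decoded, not verified.

```javascript
// Decode (without verifying) the payload of a JWT; returns null for opaque or malformed tokens.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  try {
    const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
    return JSON.parse(new TextDecoder().decode(bytes));
  } catch {
    return null;
  }
}

// Compare the token's claims with the audience and scopes the target API needs.
function checkAccessToken(token, expectedAudience, requiredScopes) {
  const claims = decodeJwtPayload(token);
  if (!claims) return { ok: false, problems: ['token is not a decodable JWT'] };
  const problems = [];
  const aud = [].concat(claims.aud ?? []); // aud may be a string or an array
  if (!aud.includes(expectedAudience)) {
    problems.push(`aud ${JSON.stringify(aud)} does not contain ${expectedAudience}`);
  }
  const granted = new Set(String(claims.scope ?? '').split(' ').filter(Boolean));
  for (const s of requiredScopes) {
    if (!granted.has(s)) problems.push(`scope ${s} was not granted`);
  }
  if (typeof claims.exp === 'number' && claims.exp * 1000 <= Date.now()) {
    problems.push('token is expired');
  }
  return { ok: problems.length === 0, problems };
}

// Constructed, unsigned sample token so the check can be tried offline.
function makeSampleToken(payload) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.sig`;
}

const MGMT_AUDIENCE = 'https://tenant.example/api/v2/'; // placeholder tenant host
const sample = makeSampleToken({
  aud: ['https://tenant.example/api/v2/', 'https://tenant.example/userinfo'],
  scope: 'openid profile read:users',
  exp: 4102444800, // constructed far-future expiry
});
console.log(checkAccessToken(sample, MGMT_AUDIENCE, ['read:users', 'read:user_idp_tokens']));
```

The audience comparison is an exact string match, so a missing path or trailing slash counts as a different audience.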