Authorized Party (azp) claim mismatch in the ID token

Help
1

I’m getting “Authorized Party (azp) claim mismatch in the ID token”.

Looking in the SDK’s, it seems to be because the mobile app token seems to be returning two 'aud’s, the API Audience, and the ‘{domain}//userinfo’ endpoint.

AUTH0_AUDIENCE = My application Client ID.

Mobile App Code

    Auth0
                .webAuth()
                .scope("openid")
                .audience("AUTH0_AUDIENCE")
                .start {
                    switch $0 {
                    case .failure(let error):
                        // Handle the error
                        print("Error: \(error)")
                    case .success(let credentials):
                        print(credentials.accessToken))
                    }
            }

PHP API

$token_issuer  = 'https://'.env('AUTH0_DOMAIN').'/';
            $jwks_fetcher = new JWKFetcher();
            $jwks        = $jwks_fetcher->getKeys($token_issuer.'.well-known/jwks.json');
            $signature_verifier = new AsymmetricVerifier($jwks);
    
            $token_verifier = new IdTokenVerifier(
              $token_issuer,
              env('AUTH0_AUDIENCE'),
              $signature_verifier
            );
    
            try {
              $decoded_token = $token_verifier->verify($accessToken);
            } catch (\Exception $e) {
              return null;
            }
2

Hi there @ryan5 and welcome to the Auth0 Community!

Are you sure in your mobile app code it’s picking up the AUTH0_AUDIENCE as it does in your .env file? Is there any additional details you can share with us on this front? Thanks in advance!

4

Thanks!!

For anyone coming across the same issue, I’ve managed to debug with the help of @joshcanhelp - Authorized Party (azp) claim mismatch in the ID token · Issue #422 · auth0/auth0-PHP · GitHub

5

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.