AWS Gateway API tutorial, audience is invalid

I am not sure but there is possibly an error in Gateway API tutorial

When I use the audience parameter from the tutorial, which is https://...auth0.com/api/v2/, I get an error:

{
    "name": "JsonWebTokenError",
    "message": "jwt audience invalid. expected: https://....auth0.com/api/v2/"
}

However, when I decode the JWT token in jwt.io, aud is equal to the Client ID and not to https://...auth0.com/api/v2/. So I've tried the Client ID as the audience parameter and it passed validation. I am wondering if there is an error in the tutorial or something wrong with the token.

There are a couple of things worth noting. The tutorial itself seems to have an issue with the placeholder when a logged-in user is viewing it. For example, for me it displayed:

If Auth0 is the token issuer, use https://[tenant].auth0.com.auth0.com/

which duplicates the .auth0.com part. I relayed this information internally so that it can be addressed.

In relation to the audience, the one in the tutorial would be just an example and the audience value would actually be the one you configured. You mention that the audience of your JWT token is the client identifier, so this leads me to believe that you're trying to send an ID token instead of an access token.

The ID token will always be a JWT and its audience is the client application identifier, as it's meant only to be consumed/processed by the client application. The token that you should be sending to an API must be an access token, and it will also be a JWT if you performed the initial authorization request with a suitable audience parameter.

In conclusion, apart from the placeholder situation the tutorial is likely correct and your issue is with trying to send an appropriate token.

@jmangelo Thanks so much, you are absolutely correct. I am not sure how I didn’t notice this by myself.

Best regards, Iurii