Azure permissions not added to token

Problem statement

We are attempting to generate an access token (using the authorization code flow) through Azure AD enterprise connection-based authentication. The JWT/access token is being generated with the Auth0 audience value.

However, upon decoding the token at https://jwt.io, the Auth0 scope does not appear in the access token. Could you please review the issue details and assist us in resolving the JWT token payload, specifically to include the Auth0 audience scope/permission value?

Solution

To obtain scopes from an Azure AD connection, you need to complete two steps:

The first step involves ensuring that the necessary permissions are set on the Azure side. Detailed information about this step can be found here: Connect Your App to Microsoft Azure Active Directory

The second step is to enable the “Extended Profile” option in the connection settings in the Auth0 tenant dashboard.
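A diagnostic check for the symptom described above, added here as an example and not part of the original article: it decodes the access token payload (without signature verification, for inspection only) and reports whether the expected audience is present and which expected scopes are missing from the `scope` or `permissions` claims. The audience value, scope names and the unsigned sample tokens are constructed for the example.

```python
import base64
import json

# Hypothetical values: the Auth0 API identifier used as the audience and the
# permissions the application expects to see in the token.
EXPECTED_AUDIENCE = "https://api.example.com"
EXPECTED_SCOPES = {"read:reports", "write:reports"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_token(token: str) -> dict:
    """Decode the payload (no verification) and report audience/scope status."""
    parts = token.split(".")
    if len(parts) != 3:
        # Not a JWT: Auth0 issues an opaque token when no audience is requested.
        return {"is_jwt": False, "audience_ok": False,
                "missing_scopes": sorted(EXPECTED_SCOPES)}
    payload = json.loads(_b64url_decode(parts[1]))
    aud = payload.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    # Scopes arrive space-separated in "scope"; RBAC adds a "permissions" array.
    granted = set(payload.get("scope", "").split()) | set(payload.get("permissions", []))
    return {"is_jwt": True,
            "audience_ok": EXPECTED_AUDIENCE in aud,
            "missing_scopes": sorted(EXPECTED_SCOPES - granted)}


def _make_unsigned_jwt(payload: dict) -> str:
    # Builds a constructed alg "none" token for the demo; real tokens are RS256-signed.
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(payload), ""])


# Constructed samples: one reproducing the reported symptom, one after the fix.
SAMPLE_WITHOUT_SCOPE = _make_unsigned_jwt({"aud": [EXPECTED_AUDIENCE], "sub": "waad|user1"})
SAMPLE_WITH_SCOPE = _make_unsigned_jwt({"aud": [EXPECTED_AUDIENCE], "sub": "waad|user1",
                                        "scope": "read:reports write:reports"})

if __name__ == "__main__":
    print(inspect_token(SAMPLE_WITHOUT_SCOPE))
    print(inspect_token(SAMPLE_WITH_SCOPE))
```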