@prashant, thank you so much. Adding audience parameter which references the API allowed me to get a valid JWT access token, which also validates against the API. One thing I noticed right away is that the access_token doesn’t contain profile and email claims even though i’m explicitly specifying them in the scope parameter. However, they are present in the id_token. Is this the expected behavior or am I missing something else?
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| .Net Core 2 JWT Validation and Refreshing for access tokens | 5 | 12836 | October 28, 2018 | |
| Accesstoken and Id-Token. Which one to use and how to validate an opaque accesstoken? | 2 | 3155 | August 28, 2019 | |
| Getting Auth0 and Swagger to work | 3 | 15179 | March 2, 2018 | |
| Auth0 API Token verification failing | 4 | 6201 | March 2, 2018 | |
| Can my api server trust the access token from auth0? | 2 | 818 | July 3, 2023 |