Changing audience field for JWT authentication response

No matter what I do, the “aud” field of my JWT for my client application returns as my Client ID, and I have no idea why. I’ve even set the default audience to the name of my API.

If anyone can help me it would be so greatly appreciated.

Hey there @nolanl13 welcome to the community!

Which SDK are you using and how exactly are you getting the token? Feel free to share any config related code you think may help.

Keep us posted!

Hey, thank you so much for your response. I’ve been super stuck on this for a couple of days.
So I am using Nestjs to build a backend service, but need to fake a client authentication flow so I can test properly and create users in a separate DB etc.

I have an application set up with the basic login project you guys provide (regular web app with node.js), and I have a separate API configured to protect routes in my backend.

What I am currently doing is logging the user in using the sample -login project, going into the network tab and retrieving the response “access token” after successful login. I am then trying to use this token to send a cURL request to Auth0 to exchange it for an API access token, but I keep getting this error: {"error":"invalid_grant","error_description":"Invalid authorization code"}%
When I decode the JWT, the ‘aud’ is set to the value of the Client_ID and not to the value of the API identifier, which is what I think the problem may be?

Here is my set-up code for the Client project in the server.js file.

const config = {
  authRequired: false,
  auth0Logout: true,
  secret: process.env.SECRET,
  baseURL: "http://localhost:8080",
  clientID: process.env.CLIENT_ID,
  issuerBaseURL: process.env.ISSUER_BASE_URL,
  clientSecret: process.env.CLIENT_SECRET,
};

...

app.use(
  auth({
    ...config,
    authorizationParams: {
      response_type: "code id_token",
      audience: process.env.AUTH0_AUDIENCE,
    },
  })
);

This AUTH0_AUDIENCE is set to the value of my API identifier, not to the name of the client ID,
but it shows up differently in the JWT token. I don’t know if that’s actually what the issue is, but it’s very confusing.

Any hints or ideas would be very greatly appreciated :slight_smile:

My response has been detailed above, forgot to make it a reply :slight_smile:


Hey @nolanl13 no problem, happy to help where I can!

Do you mind sharing the example sample you’re working with? There’s definitely something off but it’s hard for me to tell without looking at the sample itself. It looks to be using a hybrid flow, given the response_type.

FWIW it might be easier to use one of our SPA samples, React for example. I know with that sample you’ll get an access token with the correct audience configured. You can just extract the access token from the “preview” of the /token call in the network tab without having to make any extra manual call:

Keep us posted!
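
Added example (not from the thread or from Auth0's samples): a Node.js debugging helper that decodes a JWT payload without verifying it and reports whether its "aud" claim contains the API identifier or only the client ID. In OpenID Connect an ID token's "aud" is the client ID, so this tells an ID token apart from an API access token; the function names, CLIENT_ID, API_IDENTIFIER, ISSUER and the sample tokens are constructed placeholders.

```javascript
// Debugging helper: report which audience a JWT was issued for.
// It does NOT verify the signature, so never use it to authorize a request.

// Decode the payload (second segment) of a compact JWT; null if not a JWT.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null; // e.g. an opaque token or an authorization code
  try {
    // Node's "base64" decoder also accepts the URL-safe alphabet used by JWTs.
    return JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
  } catch (err) {
    return null;
  }
}

// Classify a token by its "aud" claim, which may be a string or an array.
function classifyAudience(token, clientId, apiIdentifier) {
  const payload = decodeJwtPayload(token);
  if (payload === null || typeof payload !== "object") return "not-a-jwt";
  const audiences = payload.aud === undefined ? [] : [].concat(payload.aud);
  if (audiences.includes(apiIdentifier)) return "api-access-token";
  if (audiences.includes(clientId)) return "client-audience-only";
  return "unknown-audience";
}

// Build an unsigned sample token (constructed test data, not a real token).
function makeSampleToken(payload) {
  const enc = (obj) =>
    Buffer.from(JSON.stringify(obj)).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.constructed-signature`;
}

// Constructed placeholder values (assumptions, not from the thread).
const CLIENT_ID = "EXAMPLE_CLIENT_ID";
const API_IDENTIFIER = "https://api.example.test";
const ISSUER = "https://tenant.example.test/";

const idToken = makeSampleToken({ iss: ISSUER, sub: "user|1", aud: CLIENT_ID });
const accessToken = makeSampleToken({
  iss: ISSUER, sub: "user|1", aud: [API_IDENTIFIER, ISSUER + "userinfo"],
});

console.log(classifyAudience(idToken, CLIENT_ID, API_IDENTIFIER));
console.log(classifyAudience(accessToken, CLIENT_ID, API_IDENTIFIER));
console.log(classifyAudience("opaque-value", CLIENT_ID, API_IDENTIFIER));
```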
