
Configuring the "audience" in hosted login page


#1

I am using the Auth0 “/authorize” endpoint with “audience” to get an access token in JWT format. But I don’t want to pass the “audience” as a query param, because the service that I use does not allow query params.

What I am trying to do is set a default audience for my client in the hosted login page.

var auth = {
  redirectUrl: config.callbackURL,
  responseType: (config.internalOptions || {}).response_type ||
  config.callbackOnLocationHash ? 'token' : 'code',
  params: config.internalOptions
}

if(config.clientID === "CLIENT_ID") {
  auth.audience = "https://test.com/test";
  auth.params.audience = "https://test.com/test";
}

When I do this, the login page does not load; I see only an empty page. What could be the problem here? If this approach does not make sense, what could be an alternative solution?

Thanks for your help!


#2

The recommended approach would indeed be to pass the audience in the initial request to /authorize; however, if that is not available because of a restriction of the client, then your option would be to configure a tenant/domain-wide default audience (you should not try to do it in the hosted login page).

You can configure a default audience by accessing the tenant settings and setting the Default Audience field. Keep in mind that this change will affect every request that doesn’t specify an audience; since using an audience also triggers breaking changes in legacy flows, you need to take that into consideration.

Another option would be to have a middle-man that does this for you; as in the client application that does not support query parameters calls this middle-man that just redirects with the correct audience. However, this introduces complexity and it would be up to you to not mess up anything (security related) in that middle-man.
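
Added example (not part of the thread and not Auth0's code): a sketch of the URL-building core of such a middle-man, showing the checks that keep it from becoming an open redirect or a parameter-injection point. The tenant host, the callback allowlist, the `input` object shape and the function name `buildAuthorizeUrl` are assumptions made for illustration; requiring `state` is a policy choice of this example.

```javascript
// Constructed placeholder values; replace with your own tenant and callbacks.
const TENANT = 'https://example-tenant.auth0.com';
const AUDIENCE = 'https://test.com/test'; // audience value from the question
// Per-client allowlist of exact callback URLs (constructed).
const CLIENTS = {
  CLIENT_ID: ['https://app.example.com/callback'],
};
// Only these caller-supplied parameters are forwarded; everything else is dropped.
const FORWARDED = ['response_type', 'scope', 'state', 'nonce'];
const RESPONSE_TYPES = ['code', 'token', 'id_token token'];

// Build the /authorize URL for a request that could not carry an audience itself.
// `input` holds the values the middle-man received from the client, by whatever
// transport the client supports. Throws on anything not explicitly allowed,
// so the HTTP handler can answer 400 instead of redirecting.
function buildAuthorizeUrl(input) {
  const known = Object.prototype.hasOwnProperty.call(CLIENTS, input.client_id);
  if (!known) throw new Error('unknown client_id');
  // Exact-match comparison: prefix or substring checks invite open redirects.
  if (!CLIENTS[input.client_id].includes(input.redirect_uri)) {
    throw new Error('redirect_uri not allowed');
  }
  if (!RESPONSE_TYPES.includes(input.response_type)) {
    throw new Error('response_type not allowed');
  }
  if (typeof input.state !== 'string' || input.state.length === 0) {
    throw new Error('state is required'); // the client's CSRF token must survive the hop
  }
  const url = new URL('/authorize', TENANT); // host is fixed, never taken from input
  url.searchParams.set('client_id', input.client_id);
  url.searchParams.set('redirect_uri', input.redirect_uri);
  for (const name of FORWARDED) {
    if (typeof input[name] === 'string') url.searchParams.set(name, input[name]);
  }
  // Set last and unconditionally: a caller-supplied audience is ignored.
  url.searchParams.set('audience', AUDIENCE);
  return url.toString();
}
```

The HTTP handler around this function should respond with a 302 to the returned URL and log rejected requests, since repeated rejections for `redirect_uri` are worth alerting on.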


#3