Empty payload in JWT Authorization tokens - Audience IS defined (I think?)

I’m currently developing a React Single Page Application (SPA) that uses Auth0 for authentication. I have successfully implemented login and logout features. However, when request an Authorization JWT with getTokenSilently() I am retrieving have an empty payload when decoded. For now I’m just logging it to my browsers console in a local test environment. For example: eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiwiaXNzIjoiaHR0cHM6Ly9kZXYtdzAxODFhcXNobGw1MDMzbC51cy5hdXRoMC5jb20vIn0…thF3uZU-GjTkcNVo.EQawZb4Ebgww3ZT-Pa73eoJ62qLQ0HSIswroGiecQZHGdZLw-953s6asccnawPD9HwSObZ3JcsbP8HAFarNf2p5Zrr2sbp4QvGxfB6RgpWZTxEK2Tntu7X7w9i_7z2Iw8c_3lUZPnHe0_4OLaHnPyetzk8_Pqm2-JcELrNIwvRPTD1QmdMsbyvz6_u9kANS181FH7wSyxtt5UP5Hu_BnQ3lmEQhB5yMvL42PjaAsoaclxEdQ0EQmcCRdnNrQVqnKadZumwvs2jQ-A-onQI9lL3rhlPEktJP8Sy-UyhRv-U_Az6MmY4D92-VRD_AjXhXLggV7iXMS8hZM9N_cDDCA5skg.Fuf3LqTHjNuCZj_fS8P8HQ
Issue Details:
Technology Stack: ReactJS with Auth0 SPA SDK
Auth0 SDK Version: @auth0/auth0-react": “^2.1.0”,
@auth0/auth0-spa-js”: “2.0.3”,
Browser: Tried on multiple browsers including Chrome and Safari, and also in Incognito mode Error Messages: None
Steps to Reproduce:
User logs in via Auth0.
React App retrieves the token.
React App writes writes the token to console for debugging purposes.

Code Snippets:

auth-provider.js app.js

What I have Tried:
Logged in and out multiple times, also in incognito mode in case of cacheing.
Checked Auth0 Dashboard logs for any signs of errors or irregularities.
Ensured that the Auth0Client object is initialized with an audience, which is an API that I crated in the Auth0 Dashboard. Reviewed and followed Auth0 SPA SDK documentation - though I am a beginner and most likely have something configured wrong.

Hi @login,

Have you made sure that your auth0_config.json file has included your audience?

If not, you could always override it by passing it in the getTokenSilently() method:

const token = await getAccessTokenSilently({
  authorizationParams: {
    audience: 'https://api.example.com/',
    scope: 'read:posts',

(Reference: https://github.com/auth0/auth0-react/blob/main/EXAMPLES.md#call-an-api)

Please let me know how it goes for you.


Thanks so much for the help!
I have made sure to explicitly state it, but that did not change the result. One thing to note - I’m using the auth0-spa-js library in my auth-provider.js code that I shared. Could that have an impact on how I should be getting the token?

Hi @login,

Can you please verify that the audience is set by decoding your JWT token on jwt.io and see if there is a value set for the aud claim?


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.