I’ve got an Angular 2 SPA calling a ASP.NET WebApi. I have the web api configured as an API and the SPA as a client.
In order to get the proper access token to call through to my API I had to change my Auth0Lock parameters to look like this:
// Configure Auth0
lock = new Auth0Lock(myConfig.clientID, myConfig.domain,
{
auth: {
params: {
audience: myConfig.audience,
scope: 'openid profile read:ping'
}
}
});
Now I get an accessToken back and I’m able to call my API.
Previously though before I added the audience parameter, I was getting a valid id_token back.
With that valid id_token I was able to use the getProfile method to get my user details.
Now, the id_token comes back as null and getProfile does not accept the access_token.
Is there a preferred method for getting the user profile information when using the audience parameter or is there a way to include a valid id_token so that I can call the get profile function?