getAccessTokenSilently seems to ignore authorizationParams

gueronlj · April 28, 2023, 5:28pm

The following function returns an error

{"statusCode":401,"error":"Unauthorized","message":"Bad audience: http://localhost:3001/admin https://dev-rqbvmubwc6xeogdn.us.auth0.com/userinfo"}

But in my code I specify a different audience.

const fetchListofAdmins = async ()=>{
    try{
      const token = await getAccessTokenSilently({
        authorizationParams: {
          audience:'https://dev-rqbvmubwc6xeogdn.us.auth0.com/api/v2/',
          scope: 'read:current_user'
        }
      })
      console.log(token);
      const options = {
        method: 'GET',
        url: `${MANAGEMENT_API}roles/${ROLE_ID}/users`,
        headers: {
          Authorization: `Bearer ${token}`
        }
      }
      const response = await axios.request(options)
      adminArray = (response.data)
    }catch(error) {
      console.log(error.message);
    }
  }

Where is getAccessTokenSilently() getting these audience strings from?
My function returns the expected data when using the ‘Test’ token

tyf · May 2, 2023, 11:20pm

Hey @gueronlj !

Interesting… Were you able to make any progress on this? Does the access token obtained via this function look as expected when you decode it at jwt.io?

I’ll also note that read:current_user isn’t the correct scope for /api/v2/roles/{id}/users

Keep us posted!