How can I get client_id in my jwt claims instead of just azp?

I am trying to create an API application that allows me to send JWTs to an Amazon Bedrock AgentCore Runtime service, which can decode JWTs via a clientID parameter, but it requires the JWT claims to have client_id explicitly. Since the JWT created by Auth0 only supplies azp, I cannot get this to work. I tried trigger actions, but learned that client_id is a reserved key and cannot be updated.

How can I resolve this issue?

Thanks!

Hi @shafkevi,

Welcome to the Auth0 Community!

What I would recommend in order to get the client_id explicitly as a claim in the JWTs issued from Auth0 would be switching the Access Token Profile to the RFC 9068 token profile. When you enable this profile, Auth0 automatically replaces azp with client_id, which should be exactly what Amazon Bedrock AgentCore Runtime requires in your use case.

You can enable this setting from the Auth0 Dashboard - Applications - APIs - Select the API - In the Settings tab, scroll down to the Access Token Settings section - Access Token Profile dropdown - Change it from Auth0 to RFC 9068 - Save.

I hope this helps and if you have further questions please let me know.
Thank you!
Best regards,
Remus

1 Like
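To confirm the profile change took effect before pointing the runtime at the API, the check below decodes an access token and reports whether it carries `client_id` or only `azp`, along with the other claims RFC 9068 requires. It is an added example, not part of either post and not Auth0 or AWS code; the function names, tenant URLs, client ID and both sample tokens are constructed for illustration.

```python
import base64
import json

# Claims RFC 9068 section 2.2 requires in a JWT access token.
RFC9068_REQUIRED = ("iss", "exp", "aud", "sub", "client_id", "iat", "jti")

def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_access_token(token):
    """Decode header and payload WITHOUT verifying the signature.
    Diagnostic only: never base an authorization decision on this output."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated segments")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    typ = str(header.get("typ", "")).lower()
    return {
        "typ": header.get("typ"),
        "is_at_jwt": typ in ("at+jwt", "application/at+jwt"),
        "client_id": claims.get("client_id"),
        "azp": claims.get("azp"),
        "missing_rfc9068_claims": [c for c in RFC9068_REQUIRED if c not in claims],
    }

def _make_sample(header, claims):
    # Constructed sample token with a placeholder signature, for offline use.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2lnbmF0dXJl"

# Constructed claim sets (hypothetical tenant, API and client identifiers).
COMMON = {"iss": "https://tenant.example/", "sub": "app123@clients",
          "aud": "https://api.example/", "iat": 1700000000, "exp": 1700086400}
AUTH0_PROFILE = _make_sample({"alg": "RS256", "typ": "JWT"}, {**COMMON, "azp": "app123"})
RFC9068_PROFILE = _make_sample({"alg": "RS256", "typ": "at+jwt"},
                               {**COMMON, "client_id": "app123", "jti": "constructed-id-1"})

if __name__ == "__main__":
    for name, tok in (("Auth0", AUTH0_PROFILE), ("RFC 9068", RFC9068_PROFILE)):
        print(name, inspect_access_token(tok))
```

Run it against a freshly issued token after saving the setting; tokens issued before the change keep their original claims until they expire.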