How to pass audience in passport-auth0 strategy?

Frederic.Meriot · June 3, 2022, 10:13am

Hi,
I’am using NestJS 8 with passport-auth0. I don’t know how to pass an audience to the strategy to obtain a JWT access-token (instead an opaque one). I’am using this strategy :

@Injectable()
export class Auth0Strategy extends PassportStrategy(Strategy, 'auth0') {

  constructor() {
    super({
        domain: process.env.AUTH0_DOMAIN,
        clientID: process.env.AUTH0_CLIENT_ID,
        clientSecret: process.env.AUTH0_CLIENT_SECRET,
        callbackURL: process.env.AUTH0_CALLBACK_URL,
        passReqToCallback: true,
        scope: 'openid email profile',
        state: true,
    });
  }

  async validate (req, accessToken, refreshToken, extraParams, profile, done): Promise<any> {
    done(null, {accessToken,profile});
  }
}

This strategy works well, but I obtain an opaque access-token (and a JWT id-token). I read in the documentation that to obtain a JWT access-token, I need to pass the “audience”. But if I add an audience property in the constructor, it has no effect. I tried this :

super({
        domain: process.env.AUTH0_DOMAIN,
        clientID: process.env.AUTH0_CLIENT_ID,
        clientSecret: process.env.AUTH0_CLIENT_SECRET,
        ...
        audience: "my-wonderful-api-identifier"
    });

But still having an opaque access-token.

I wonder how do I pass this audience parameter to the strategy.
Thank you for your help.

lihua.zhang · June 3, 2022, 6:18pm

Hi @Frederic.Meriot ,

Welcome to the Auth0 Community!

I wonder how do I pass this audience parameter to the strategy.

I found the below scripts for getting the access token by specifying the audience id. Here are the details.

app.get(
	'/login',
	passport.authenticate('auth0', {audience: 'urn:my-api'}), 
	function (req, res) {
	  res.redirect('/');
	}
);

Hope this helps!