How to specify multiple audiences on authorize method

Please include the following information in your post:

  • Which SDK this is regarding: e.g. auth0-js 9.x

hi,

To accomplish a micro-frontend login process I need to specify more than one audience per token. I’m trying to look into documentation in regard to this but mostly solutions are connected to multiple access tokens with different audiences.

In my case I need only one token that is going to be shared between child applications within a micro-frontend system. To achieve that I need to request an access token with multiple audiences. I’m trying first to simply call the method authorize with a array of audiences what was not successful, here it’s the code:

webAuth.popup.authorize(
      {
        domain: AUTH_DOMAIN,
        redirectUri: location.origin + '/validate',
        connection: 'google-connection',
        responseType: 'token',
        audience: [AUTH_AUDIENCE_APP1, AUTH_AUDIENCE_APP2]`,
      },
)

It’s possible to issue a token with multiple audiences via auth0.js Library?

Best,
Vini

Hi @vinicius.palma1 ,

Welcome to the Auth0 Community!

I noticed that your Auth0 Technical Account Manager has opened a support ticket with the same query. I am watching out for the updates and will provide the details soon. Appreciate your patience meantime.

3 Likes

Hi @lihua.zhang, I am waiting for this fix too. Just to clarify ,is there a plan to support multiple audiences for Access token?
Thanks in advance :slight_smile:

It is not supported to have multiple audiences in the access token.

You could authorize (could be silent authentication) a second time to use a different audience and as a consequence obtain an access token suitable to another API.

You could also configure Logical API for Multiple APIs. If you have multiple distinct API implementations that are all logically a part of the same API, you can simplify your authorization process by representing them with a single logical API in the Auth0 Dashboard. Doing this allows you to implement just one authorization flow, while still controlling access to the individual APIs by assigning the appropriate scopes.

Please send your request directly to our product team using our feedback page and click on the Vote button. Thank you!