
IdP-Initiated SSO - Audience is Ignored



In a scenario where I am using Auth0 as the service provider and a working SAML connection with an external identity provider, I want to get an access token that comes in as a JWT with an audience claim that is an API identifier. Right now it is an opaque, unencoded token (e.g. access_token=Cj0Jil1FYm3lTa_o). My application relies on a JWT that has an “aud” claim with the corresponding audience.

My configuration within the “Edit SAMLP Identity Provider connection” modal looks like this:

Response Protocol:
OpenID Connect

Query Params:
redirect_uri=my_redirect&scope=openid email&response_type=id_token token&audience=my_audience_api_identifier


A workaround is recycling the silent authorization flow that already exists for the regular implicit flow as soon as the SAML flow hits the “redirect_uri” with an access token.


I would still love some explanation on this subject other than the aforementioned workaround.
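The workaround described in the post, as an added example that is not part of the original post or of Auth0's own code: when the token that arrives at redirect_uri is opaque rather than a JWT carrying the expected aud claim, build the /authorize URL for a silent re-authorization (prompt=none, with the audience parameter) that reuses the session the SAML login just created. The tenant domain, client_id, redirect_uri and the sample tokens are constructed assumptions; decoding the payload here is only to tell an opaque token from a JWT and to pick a route, it is not signature verification, which the receiving API must still do against the tenant's JWKS.

```javascript
// Added example, not from the original post or Auth0. Decide whether the
// access_token at redirect_uri is a JWT for the API we expect; if not, build
// the silent-authorization (prompt=none) /authorize URL for the workaround.
// Domain, client_id and redirect_uri below are assumptions.

function base64UrlDecode(segment) {
  // base64url -> base64, re-pad, decode (Node Buffer; in a browser use atob)
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

function base64UrlEncode(text) {
  return Buffer.from(text, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Unverified decode: enough to distinguish an opaque token from a JWT and to
// read claims for routing. NOT a signature check; the API that receives the
// token must still verify it against the tenant's JWKS.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(base64UrlDecode(parts[0]));
    if (typeof header.alg !== 'string') return null;
    return JSON.parse(base64UrlDecode(parts[1]));
  } catch (e) {
    return null;
  }
}

// True only when the token is a JWT whose aud claim (string or array) names
// the API identifier the application needs.
function tokenMatchesAudience(token, expectedAudience) {
  const payload = decodeJwtPayload(token);
  if (!payload) return false;
  const aud = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  return aud.includes(expectedAudience);
}

// Build the /authorize URL for a silent re-authorization. prompt=none tells
// Auth0 to reuse the existing session instead of prompting again; audience
// requests a JWT access token for that API.
function buildSilentAuthUrl(cfg) {
  const url = new URL(`https://${cfg.domain}/authorize`);
  const params = {
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    response_type: 'id_token token',
    scope: cfg.scope || 'openid email',
    audience: cfg.audience,
    prompt: 'none',
    state: cfg.state,
    nonce: cfg.nonce,
  };
  for (const [k, v] of Object.entries(params)) url.searchParams.set(k, v);
  return url.toString();
}

// Given the token from the redirect, return {ok:true, token} when it already
// fits, or {ok:false, redirectTo} so the caller can start the silent flow.
function handleRedirectToken(token, cfg) {
  if (tokenMatchesAudience(token, cfg.audience)) return { ok: true, token };
  return { ok: false, redirectTo: buildSilentAuthUrl(cfg) };
}

// --- constructed sample data (not real tokens, not a real tenant) ---
const OPAQUE_TOKEN = 'Cj0Jil1FYm3lTa_o'; // shape of the token from the post
const FAKE_JWT = [
  base64UrlEncode(JSON.stringify({ alg: 'RS256', typ: 'JWT' })),
  base64UrlEncode(JSON.stringify({
    iss: 'https://example-tenant.auth0.com/', // assumed tenant
    sub: 'samlp|user@example.com',
    aud: ['https://api.example.com', 'https://example-tenant.auth0.com/userinfo'],
    exp: 4102444800,
  })),
  'not-a-real-signature', // placeholder; never trust an unverified token
].join('.');

const CONFIG = {
  domain: 'example-tenant.auth0.com',              // assumed
  clientId: 'my_client_id',                        // assumed
  redirectUri: 'https://app.example.com/callback', // assumed
  audience: 'https://api.example.com',             // the API identifier
  scope: 'openid email',
  state: 'opaque-state-value',
  nonce: 'opaque-nonce-value',
};

console.log(handleRedirectToken(OPAQUE_TOKEN, CONFIG)); // ok:false + /authorize URL
console.log(handleRedirectToken(FAKE_JWT, CONFIG).ok);  // true
```

The state and nonce values must be fresh per request and checked on return; the silent flow fails with an error response rather than a prompt when there is no usable session, so the caller should handle that branch instead of looping.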