Invalid audience when using oidc-client

dhurt · November 13, 2019, 9:39pm

So a quick rundown of my app, I have an angular front end with a .net core 2.2 api. This is a bit of a migration of an existing application that is currently a mvc.net app, but the angular app and api project are new.

I’ve gone the route of using the oidc-client library in Angular and I’m able to authenticate just fine and I can properly generate a jwt token and pass that through an interceptor. However, on the api side I am getting errors saying that the audience is invalid. I’ve properly set the audience on the api side, but I was unsure of where to set the proper audience on the angular side? An example of my current settings:

OidcSettings: {
  authority: "http://myCompany.auth0.com/",
  client_id: "clientId",
  redirect_uri: "http://localhost:5000/callback",
  post_logout_redirect_uri: "http://localhost:5000/",
  response_type: "id_token token",
  scope: "openid profile email offline_access",
  filterProtocolClaims: true,
  loadUserInfo: true,
  metadata: {
    issuer: "https://myCompany.auth0.com/",
    authorization_endpoint: "https://myCompany.auth0.com/authorize",
    token_endpoint: "https://myCompany.auth0.com/oauth/token",
    userinfo_endpoint: "https://myCompany.auth0.com/userinfo",
    mfa_challenge_endpoint: "https://myCompany.auth0.com/mfa/challenge",
    jwks_uri: "https://myCompany.auth0.com/.well-known/jwks.json",
    registration_endpoint: "https://myCompany.auth0.com/oidc/register",
    revocation_endpoint: "https://myCompany.auth0.com/oauth/revoke",
  }
}

dan.woda · November 14, 2019, 6:19pm

Hi @dhurt,

Welcome to the Auth0 Community Forum!

The audience is the identifier of the resource. It will be shown in your API settings like this:

The API will use it to verify that it is the resource the token is intended for.

Here is an example of setting up an auth service in angular, it uses the auth0 library, but you should get the point:
https://github.com/auth0-samples/auth0-angular-samples/blob/master/02-Calling-an-API/src/app/auth/auth.service.ts

Hope this helps!

Thanks,
Dan

dhurt · November 14, 2019, 6:24pm

Thanks for the response Dan! Unfortunately, the issue I’m running into is slightly different.

The legacy app that we’re working to replace using an oidc compliant library to do authentication. Part of the token that it gets back contains the email address, and that is used to do user look ups in our identity database. Using the auth0 libraries, my jwt token does not contain the user email.

So maybe the better question would be here, how can I get that information? Using the oidc-connect javascript library to authenticate and generate the jwt token, this information shows up just fine (but the audience property is set to the client id). But when I use the auth0 library, the audience is properly set to the value you called out but the profile information is missing. I hope this clarifies a little of the issue I’m seeing…

dan.woda · November 15, 2019, 7:10pm

@dhurt,

Can you please DM me a HAR file of the transaction so I can investigate further?

dan.woda · November 29, 2019, 11:14pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
The audience is invalid. C# backend, Angular frontend. Beginner question Help configuration , application	5	853	October 21, 2023
"invalid credentials" calling userinfo Help jwt , api , userinfo	5	4991	June 20, 2020
Your Examples "Angular 2+ Login" and "Angular 2+ Calling an API" Clarification Help auth0-endpoint-jwt	4	3841	July 25, 2019
Jwt audience invalid - It's client_id instead of the real audience Help	3	14992	August 29, 2019
Invalid token: "The audience' is invalid" Help auth0 , audience , dotnet-core , nextjs	4	15377	January 6, 2022

Invalid audience when using oidc-client

Related Topics