Welcome to the Auth- Community!
I am sorry about the late reply to your inquiry.
When you login to Auth0 and don’t specify an audience, you will get an opaque access token. It looks like a regular JWT, but actually it’s a self contained encrypted JWT. The only way to validate an opaque token is to call the server that issued the token, in this case the /userinfo endpoint.
In order to get an JWT. You need to create a custom api. Then use this as the audience in your react app to login:
<Auth0Provider
domain="YOUR_AUTH0_DOMAIN"
clientId="YOUR_AUTH0_CLIENT_ID"
redirectUri={window.location.origin}
audience="YOUR_API_IDENTIFIER"
This will provide you a JWT when you call the getAccessTokenSilently() method.
Then you can specify the same API as the audience in your api:
const jwtCheck = auth({
issuerBaseURL: "https://<DOMAIN>",
audience: "YOUR_API_IDENTIFIER",
});
Hope this is helpful to the issue that you were facing.
If you have any other questions, feel free to leave a reply or post again on the community!
Kind Regards,
Nik