Issue with "audience does not match" Error in Token Validation

Dear Auth0 Support Team,

I hope this email finds you well. I am reaching out to you because I have been encountering an issue while trying to validate tokens in my Python program using Auth0. I have thoroughly reviewed the audience setting in the Auth0 dashboard and confirmed its accuracy. However, despite my efforts, I am consistently receiving an “audience does not match” error during token validation.

Here is a summary of my setup:

  • I have configured the Auth0 client for my application’s server using the OAuth library in Python.
  • I am passing the correct audience value using the `os.getenv('AUTH0_AUDIENCE')` parameter in both the authorization and token validation steps.
  • I have cross-verified the payload of the token on jwt.io, and it appears to be correct.

I have ensured that the settings for “issuer,” “algorithms,” and other parameters are consistent with the values provided by Auth0.

Here’s an example of the payload from the token:

{
  "https://prometeu.com/org_key": "8ad7f21b-896d-4cac-9500-43bb1f8303b3",
  ...
  "aud": "07D5ftmyG2qpTjhe4UHmwZKJDzlZXFAx",
  ...
}

Despite my troubleshooting, the “audience does not match” error persists. I have consulted online resources and forums, but I haven’t found a solution that addresses my specific scenario.

I kindly request your assistance in resolving this issue. Could you please review the provided details and offer any insights into what might be causing this error? If there are any additional steps I should take or configurations I need to verify, I would greatly appreciate your guidance.

Thank you for your time and attention to this matter. I am looking forward to your response and working towards a resolution.

Best regards,

This is the code snippet in my app that gives authorization:

import os

from authlib.integrations.starlette_client import OAuth, OAuthError
from fastapi import FastAPI, Request
from fastapi.responses import JSONResponse, RedirectResponse

app = FastAPI()

oauth = OAuth()
oauth.register(
    name='auth0',
    client_id=os.getenv('AUTH0_CLIENT_ID'),
    client_secret=os.getenv('AUTH0_CLIENT_SECRET'),
    client_kwargs={"scope": "openid profile email", "audience": os.getenv('AUTH0_AUDIENCE')},
    server_metadata_url=f"https://{os.getenv('AUTH0_DOMAIN')}/.well-known/openid-configuration",
    access_token_url=f"https://{os.getenv('AUTH0_DOMAIN')}/oauth/token",
    authorize_url=f"https://{os.getenv('AUTH0_DOMAIN')}/authorize",
    api_base_url=f"https://{os.getenv('AUTH0_DOMAIN')}/",
    audience=os.getenv('AUTH0_AUDIENCE')
)


@app.get('/login')
async def login(request: Request):
    redirect_uri = request.url_for('auth')
    # Page to send the user back to after login; it is passed through as the OAuth
    # state value and read again in /auth, so it replaces the library-generated state.
    state = request.query_params.get('state')
    response_type = request.query_params.get('response_type')
    return await oauth.auth0.authorize_redirect(request,
                                                redirect_uri,
                                                audience=os.getenv('AUTH0_AUDIENCE'),
                                                state=state,
                                                response_type=response_type)


@app.get('/auth')
async def auth(request: Request):
    try:
        # Exchanges the authorization code; the result holds both tokens.
        token = await oauth.auth0.authorize_access_token(request)
        access_token = token['access_token']
        id_token = token['id_token']
        #code = request.query_params.get('code')
        #state = os.getenv('APP_URI')
        state = request.query_params.get('state')  # page to send the user back to after login
        url = f"{state}?token={id_token}"  # forwards the ID token, not the access token, to the front end
        return RedirectResponse(url=url)
        #return JSONResponse(content={"token": token})
    except OAuthError as e:
        return JSONResponse(status_code=400, content={"error": str(e)})

This is my code snippet in the app where I try to decode the token:

import os
import jwt  # PyJWT

# Inside the verifier method; self.token is the bearer token received from the
# front end and self.signing_key was already selected from the tenant's JWKS.
payload = jwt.decode(
    self.token,
    self.signing_key,
    # PyJWT expects a list of allowed algorithms, not a bare string
    algorithms=os.getenv("AUTH0_ALGORITHMS", "RS256").split(","),
    audience=os.getenv("AUTH0_AUDIENCE"),
    issuer=os.getenv("AUTH0_ISSUER"),
)

Hi @mrctito,

It looks like you may be sending the ID token to your backend when you should be sending the Access Token.

The audience in the payload you posted looks like an ID token audience.
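An added, self-contained illustration of the distinction in this reply (example code, not from the thread or from Auth0): the same verification steps that jwt.decode performs with audience= and issuer=, plus a diagnostic that reports whether the token the back end received carries an ID-token audience (the client_id) or an access-token audience (the API identifier). CLIENT_ID, API_AUDIENCE, ISSUER and SECRET are constructed placeholders, and HS256 stands in for Auth0's RS256 so the code runs offline.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values for the demo; none of these are real Auth0 identifiers.
CLIENT_ID = "ExampleClientId000000000000000000"    # the audience Auth0 puts in an ID token
API_AUDIENCE = "https://api.example.com"           # the API identifier, audience of an access token
ISSUER = "https://example-tenant.auth0.com/"       # issuer, including the trailing slash
SECRET = b"constructed-demo-secret"                # HS256 key so the demo runs offline (Auth0 uses RS256)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_token(claims: dict) -> str:
    """Mint an HS256-signed JWT from a claims dict (stand-in for the tokens Auth0 issues)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def peek_claims(token: str) -> dict:
    """Decode the payload without checking the signature; diagnostics only, never for authorization."""
    return json.loads(_b64url_decode(token.split(".")[1]))


def classify_token(token: str) -> str:
    """Say which token the client appears to have sent, based on the (unverified) aud claim."""
    aud = peek_claims(token).get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if API_AUDIENCE in auds:
        return "access_token"
    if CLIENT_ID in auds:
        return "id_token"
    return "unknown"


def verify_access_token(token: str, now=None) -> dict:
    """Check signature, issuer, audience and expiry, mirroring jwt.decode(..., audience=, issuer=)."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never let the header choose it
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature verification failed")
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("issuer does not match")
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if API_AUDIENCE not in auds:
        # The error the thread is about; the classification tells the caller which token it sent.
        raise ValueError(f"audience does not match (token classified as {classify_token(token)})")
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise ValueError("token expired")
    return claims


def build_sample_tokens(now: int) -> tuple:
    """Return (id_token, access_token) shaped like the two tokens returned from /oauth/token."""
    base = {"iss": ISSUER, "sub": "auth0|constructed-user", "iat": now, "exp": now + 3600}
    id_token = make_token({**base, "aud": CLIENT_ID, "nonce": "constructed-nonce"})
    access_token = make_token({**base, "aud": [API_AUDIENCE, ISSUER + "userinfo"],
                               "scope": "openid profile email"})
    return id_token, access_token


if __name__ == "__main__":
    now = int(time.time())
    for tok in build_sample_tokens(now):
        try:
            verify_access_token(tok, now)
            print(classify_token(tok), "-> accepted")
        except ValueError as err:
            print(classify_token(tok), "-> rejected:", err)
```

Run as a script it rejects the ID token with the "audience does not match" message and accepts the access token; in the real app the same audience value (the API identifier) must be passed both in the authorize request and to jwt.decode, and the token forwarded to the API must be the access token from the token response.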
