Continuation of a reply to another thread, but limited to 3 replies, it says to edit one of the others, but I can’t do that. (this is SO stupid I can’t even begin to describe it, I could create a new topic, or a new account, but not a new reply)
So, to recap the original issue:
I am modifying the CONFIG ONLY of an application that currently uses ADFS and OAuthService object from Angular to do the oauth2 protocol. This works fine in ADFS.
In Auth0, it would work, but the Access_Token that is requested comes back as a short token that is not a JWT. Apparently, you have to specify an ‘audience=’ (and the keyword appears to be case sensitive! Audience causes Auth0 to crap out.), and that returns an Access Token that is a JWT like I was expecting.
If you have no APIs defined, adding the audience parameter just causes everything to break and it redirects to the URL with # and nothing instead of the token.
Ok, if I create an API for localhost:5005, it returns a token with a Dual-Audience (the requested one: localhost:5005 and a bonus one for Auth0…). Then when it tries to validate this, I get ‘Invalid Audience’ in the validation. This is true no matter if I specify localhost:4205 (UI), or localhost:5005 (API) for the requested Audience. ADFS is SO MUCH easier to set up and it was a Freaking nightmare!
I tried to edit the API to add a trailing / to the ‘http://localhost:5005’ but apparently, once created you can’t edit it!! OMG Seriously? So, I created a 2nd one with that… which didn’t help.
Any idea how I can just drop Auth0 in for an ADFS replacement, or do I just need to drop Auth0?
I tried sending an e-mail to Support, but they apparently don’t want to support potential paying customers, only those that have already paid…
Don’t ask too many questions, as I’m only allowed 2 more replies to this before I have to create another topic or account.
PS: the other issue I’m having is that I used the pre-defined ‘role’ claim, which ADFS correctly returns as just ‘role’, but the best I can get from Auth0 is:
"http://schemas.microsoft.com/ws/2008/06/identity/claims/role": "admin"
instead of the correct: "role": "admin"
Like I get with ADFS.
If you specify just ‘role’ then Auth0 decides that it is going to enforce the ‘suggestion’ about namespaces and NOT let you send it through. (This isn’t showing up in the AuthToken, only the idToken, but that could be because of the rule that I have that adds it… First I have to get this stuff working at all…)
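
Added example, not part of the original post and not Auth0's or the OAuthService library's code: a Node.js diagnostic that decodes a token's claims to show what the `aud` claim (a string or an array under RFC 7519) and the role claim actually contain. The sample token, the `TENANT.example` audience and all function names are constructed for illustration; the script reads claims only and does not verify the signature, so it is no substitute for the library's validation.

```javascript
// Added example: inspects JWT claims only; it does NOT verify the signature.
// Namespaced role claim name, as quoted in the post.
const ROLE_NS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";

// Decode the payload (middle segment) of a JWT without verifying it.
function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a JWT: expected 3 dot-separated segments");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/"); // base64url -> base64
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// RFC 7519: "aud" is either a single string or an array of strings.
function audienceList(claims) {
  if (claims.aud === undefined) return [];
  return Array.isArray(claims.aud) ? claims.aud : [claims.aud];
}

// Exact, case-sensitive comparison: a trailing "/" is a different audience.
function audienceMatches(claims, expected) {
  return audienceList(claims).includes(expected);
}

// Read the role from the short claim name or from the namespaced one.
function readRole(claims) {
  return claims.role ?? claims[ROLE_NS] ?? null;
}

// Build a constructed, unsigned sample token (the signature is a placeholder).
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.constructed-signature`;
}

// Constructed claims: two audiences and a namespaced role, as the post describes.
const sample = makeSampleToken({
  aud: ["http://localhost:5005", "https://TENANT.example/userinfo"], // placeholder 2nd audience
  [ROLE_NS]: "admin",
});
const claims = decodeClaims(sample);
console.log("audiences:", audienceList(claims));
console.log("exact match:", audienceMatches(claims, "http://localhost:5005"));
console.log("with trailing slash:", audienceMatches(claims, "http://localhost:5005/"));
console.log("role:", readRole(claims));
```

Comparing the printed audience list with the audience configured in the client shows whether an ‘Invalid Audience’ result comes from a string mismatch or from a validator that expects `aud` to be a single string.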