I am using angular2-jwt to initially authenticate, and then passing the id_token to my server to authenticate against my REST API. When auth0 redirects back to my angular app with the JWT, it seems to be passing an incorrect aud (audience) in the JWT. My server rejects the JWT due to validation erro…

Yes, the audience for an id_token will be the Client ID for the Client to which the id_token was issued. The audience for your access_token will be for the API Identifier (“ http://XXX.YYY.com/api ”). You should be sending the access_token to authenticate requests to your API Server Please see the …

JWT returned to callback has incorrect aud (audience)

Get Help

Sean_McIlvenna September 14, 2017, 2:10am 5

I know I’ve always sent an audience in my original request. However, I later realized that the audience was incorrect. So I changed it.

Is it correct behavior that if an incorrect audience is passed, the access_token will be very small (like previously mentioned)?

Topic		Replies	Views
Making a request for id token in oauth/token with audience returns unexpected aud value JWT.io	3	2526	April 17, 2025
Auth0.js - not returning the correct audience Get Help jwt , javascript , audience	2	3918	March 2, 2018
createAuth0Client ignores passed in Audience. Generates JWT with audience of access_token Get Help angular , jwt , auth0 , spa , auth0-spa-js	4	4482	March 4, 2020
Changing audience field for JWT authentication response Get Help login-experience , new-universal-login-experience	5	3676	January 27, 2023
Audience value in returned Bearer token JWT is a list Get Help userinfo , password , access_token , audience , access-token	2	7635	March 2, 2018

JWT returned to callback has incorrect aud (audience)

Related topics