Hi. We’re integrating an MCP server with OAuth so that MCP clients can invoke tools exposed by our APIs on behalf of the logged-in user. We’ve enabled Dynamic Application Registration and set up some connections as domain-level connections to support this.
The integration is mostly working, but after completing the OAuth flow, the token we receive is not a JWT that’s valid for authenticating with our APIs. Is there a way to configure the newly auto-registered applications so that they can issue JWT tokens that are accepted by another application (specifically, the one our APIs use for authentication)?
Reading through your use-case, I believe the issue lies with setting the correct audience for the application. Generally, if the application completed an OAuth flow without an audience being specified, Auth0 will issue an opaque token.