JWT tokens with Dynamic Application Registration

Hi. We’re integrating an MCP server with OAuth so that MCP clients can invoke tools exposed by our APIs on behalf of the logged-in user. We’ve enabled Dynamic Application Registration and set up some connections as domain-level connections to support this.

The integration is mostly working, but after completing the OAuth flow, the token we receive is not a JWT that’s valid for authenticating with our APIs. Is there a way to configure the newly auto-registered applications so that they can issue JWT tokens that are accepted by another application (specifically, the one our APIs use for authentication)?

Hi @jgonzalez2

Welcome to the Auth0 Community!

Reading through your use-case, I believe the issue lies with setting the correct audience for the application. Generally, if the application completed an OAuth flow without an audience being specified, Auth0 will issue an opaque token.

I recommend reading through the following Knowledge Article on this matter, that goes over the Value of the Audience Attribute in Access Token Requests and its Significance and how to correctly set it. Once completed, your should be receiving a valid JWT instead of an opaque token.

Hope this helped!
Gerald