JWT tokens with Dynamic Application Registration

jgonzalez2 · July 28, 2025, 8:16am

Hi. We’re integrating an MCP server with OAuth so that MCP clients can invoke tools exposed by our APIs on behalf of the logged-in user. We’ve enabled Dynamic Application Registration and set up some connections as domain-level connections to support this.

The integration is mostly working, but after completing the OAuth flow, the token we receive is not a JWT that’s valid for authenticating with our APIs. Is there a way to configure the newly auto-registered applications so that they can issue JWT tokens that are accepted by another application (specifically, the one our APIs use for authentication)?

gerald.czifra · July 31, 2025, 6:48pm

Hi @jgonzalez2

Welcome to the Auth0 Community!

Reading through your use-case, I believe the issue lies with setting the correct audience for the application. Generally, if the application completed an OAuth flow without an audience being specified, Auth0 will issue an opaque token.

I recommend reading through the following Knowledge Article on this matter, that goes over the Value of the Audience Attribute in Access Token Requests and its Significance and how to correctly set it. Once completed, your should be receiving a valid JWT instead of an opaque token.

Hope this helped!
Gerald

Topic		Replies	Views
Making a request for id token in oauth/token with audience returns unexpected aud value JWT.io	3	2635	April 17, 2025
Generated JWT token is invalid Get Help management-api , keys	2	3825	January 23, 2023
Authorization code flow returns opaque token instead of JWT even though audience is set Get Help jwt , api	10	5620	November 26, 2021
Still getting an opaque token with audience and scope Get Help apis , application	4	99	April 11, 2025
Auth0.js - not returning the correct audience Get Help jwt , javascript , audience	2	3953	March 2, 2018

JWT tokens with Dynamic Application Registration

Related topics