I have integrated the Auth0 Universal login into my Android app. I am requesting the offline_access scope to ensure I get a refresh token. I am not including any other scopes. I also set the audience, because my backend requires it to be set in the access token. The problem is when I get my access token and decode it, the aud
claim is an array containing two audiences, the one I requested and a “https://my-domain.us.auth0.com/userinfo” audience.
The problem is that I am using an off-the-shelf package called PostgREST for my backend, and it is expecting a single string for the audience - not an array. Is there any way to request an access token and refresh token for a given audience, and not end up with an array of audiences? I was able to accomplish this in my web app using just the Authorization Code Flow, but is it possible when doing the Authorization Code Flow with PKCE?