Hi, this seems to be an entirely undocumented flow, but when requesting an access_token using the oauth/token endpoint, I want a JWT instead of an Opaque token. When I give the parameter audience (the unique audience id in my application, in the form of a URL), what I get back in the token is a random string of chars and not the expected value of our audience. Is there deeper documentation around this flow so that I can build to it?
On second look, it looks like the audience encrypted in the JWT token is the Client Id and not the audience value. Is this expected?
Hi @ckarpyszyn
Welcome to the Auth0 Community!
I am sorry about the late reply to your inquiry!
Most probably, the audience passed inside the request is not the valid one for the specific application, thus returning an opaque token. If the audience is not specified or is not correct, the token returned will be opaque; however, it can be used for the /userinfo endpoint in order to retrieve the user info.
If you have any other questions, feel free to leave a reply or post again on the community!
Kind Regards,
Nik
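A quick way to tell which of the cases discussed in this thread a returned token falls into (opaque, JWT carrying the requested audience, or JWT whose `aud` is the client ID) is sketched below. This is an added example, not part of the original posts and not Auth0 code; the function names, the audience URL, the client ID and the sample tokens are all hypothetical, constructed values.

```python
import base64
import json

def _b64url_json(segment):
    """Decode one base64url JWT segment into a dict, or return None."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        obj = json.loads(base64.urlsafe_b64decode(padded))
        return obj if isinstance(obj, dict) else None
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None

def classify_access_token(token, expected_audience, client_id):
    """Return 'opaque', 'jwt-for-api', 'jwt-aud-is-client-id' or 'jwt-other-aud'.

    Decodes without verifying the signature: diagnostic use only,
    never a basis for an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return "opaque"
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    if header is None or claims is None or "alg" not in header:
        return "opaque"
    aud = claims.get("aud")
    # "aud" may be a single string or a list of strings.
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if expected_audience in audiences:
        return "jwt-for-api"
    if client_id in audiences:
        return "jwt-aud-is-client-id"  # aud is the client ID, as in an OIDC ID token
    return "jwt-other-aud"

def _make_unsigned_sample(claims):
    """Build a constructed sample token with a placeholder signature."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "RS256", "typ": "JWT"})}.{enc(claims)}.c2lnbmF0dXJl'

# Constructed sample values (assumptions, not taken from the thread).
API_AUDIENCE = "https://api.example.test/"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
SAMPLES = {
    "opaque": "kq3Zf0Xw9aBcD_eF1gHiJkLmNoPqRsTu",
    "api": _make_unsigned_sample({"aud": [API_AUDIENCE, "https://tenant.example.test/userinfo"]}),
    "client": _make_unsigned_sample({"aud": CLIENT_ID}),
}

if __name__ == "__main__":
    for name, tok in SAMPLES.items():
        print(name, "->", classify_access_token(tok, API_AUDIENCE, CLIENT_ID))
```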