tyf
June 12, 2023, 11:47pm
2
Hey there @claim727 !
You should be using the access token against your backend API - Can you confirm the audience of the access token matches that of the API identifier of your API as defined in your Auth0 dashboard? Is your API middleware checking for scopes or anything else or just verifying the access token? A missing audience is a misstep here:
here .
JSON Web Token standard and contain information about an entity in the form of claims. They are self-contained in that it is not necessary for the recipient to call a server to validate the token. Access Tokens issued for the Auth0 Management API and Access Tokens issued for any custom API that you have registere…
Let us know if this is not the case!