I'm trying to implement Auth0 within my SPA (Vue.js).
- I created an API, gave it an audience (test.aud) and set the signing algorithm to RS256.
- I then went into the client that was created and set the OAuth signing algorithm to RS256.
- In my app I'm using auth0.js, and followed the instructions to create a WebAuth() with scope = openid.

All of which is working; however, when I try to access the /userinfo endpoint with the JWT access_token I'm getting a 401. When I look in the token I see "aud": "test.aud", which I believe is the problem. From what I've read, aud should be an array of values, the audience I specified and https://[account].auth0.com/userinfo, but it's not there.
I believe the problem is that I can't hit that endpoint with the JWT token if it's not in the 'aud', and it should be included as long as I include 'openid' in the scope, which I'm doing. Alternatively, if I use https://[account].auth0.com/userinfo as my audience to create the token, then I get the 16-digit opaque token, which I'm then able to use to get /userinfo, but I'm not able to use that token in a custom authorizer for my application API.
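
One way to check the hypothesis in the question from the browser console, as an added example that is not part of the original post: decode the access token's payload and test whether `aud` (which RFC 7519 allows as either a single string or an array) contains the tenant's /userinfo URL. The tenant name `example-tenant.auth0.com`, the helper names and all three sample tokens are constructed for illustration.

```javascript
// Added example: diagnostic only. Decodes a JWT payload WITHOUT verifying the
// signature, so never use the result for an authorization decision.

// base64url -> UTF-8 string (atob/btoa exist in browsers and Node 16+)
function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

// Returns the payload object, or null for an opaque (non-JWT) token.
function decodePayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(b64urlDecode(parts[1]));
  } catch (e) {
    return null;
  }
}

// RFC 7519: "aud" is either one string or an array of strings.
function audiences(payload) {
  if (!payload || payload.aud === undefined) return [];
  return Array.isArray(payload.aud) ? payload.aud : [payload.aud];
}

function describeToken(token, tenantDomain) {
  const payload = decodePayload(token);
  if (payload === null) return { format: "opaque", aud: [], hasUserinfoAud: false };
  const aud = audiences(payload);
  const userinfo = `https://${tenantDomain}/userinfo`;
  return { format: "jwt", aud, hasUserinfoAud: aud.includes(userinfo) };
}

// Constructed sample tokens (the signature segment is a dummy value).
function makeSample(payload) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.c2ln`;
}
const DOMAIN = "example-tenant.auth0.com"; // hypothetical tenant
const single = makeSample({ aud: "test.aud", scope: "openid" });
const both = makeSample({ aud: ["test.aud", `https://${DOMAIN}/userinfo`], scope: "openid" });

console.log(describeToken(single, DOMAIN));
console.log(describeToken(both, DOMAIN));
console.log(describeToken("Zx9Qp2Lm4Rt7Vb1K", DOMAIN)); // constructed 16-char opaque token
```

A custom authorizer for the application API still has to verify the RS256 signature and check `aud` itself; this helper only shows what the token claims.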