Hi,
I’m having trouble getting an access_token for my API using the hosted Lock. I’ve specified the audience as follows:
var lock = new Auth0Lock(config.clientID, config.auth0Domain, {
auth: {
redirectUrl: config.callbackURL,
responseType: (config.internalOptions || {}).response_type ||
config.callbackOnLocationHash ? 'token' : 'code',
params: config.internalOptions,
audience: 'my_api_identifier'
},
Which sends the request:
https://myapp.auth0.com/authorize?client_id=1yMOhyS....
&response_type=token%20id_token
&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fcallback
&audience=my_api_identifier
&connection=Username-Password-Authentication
&login_hint=mark%40email.com
&nonce=6wcybvcAB...
&state=uxnbKWq7h...
&scope=openid%20profile
&_csrf=deprecated
&protocol=oauth2
&auth0Client=eyJuYW1l...
&_intstate=true
But, event though the audience
param is set correctly, I just get an opaque access token back rather than the JWT I need to access my_api_identifier
.
I also tried the request with a bogus audience, and the authentication didn’t fail, so it’s my guess that some other parameters are causing the audience to be ignored entirely.
Any ideas?