Passing 1 audience to get access_token request, but returned access_token has 2 audience

Hi Auth0 Community,

I set the audience properly and get access_token successfully, but when I use it to call API, I get 401 Authorized error with the detail like:

Bearer error="invalid_token", error_description="The audience 'https://development.au.auth0.com/api/v2/, https://development.au.auth0.com/userinfo' is invalid"

Then, I paste the access_token on jwt.io and see that it has 2 audiences the same as the error above.

Could anybody help me out what is the problem and how to fix it. Thanks a lot.

Hello, can anybody know what the problem is?

It’s very long bug, unfortunately, and do not think it will be resolved.
Shame but I had to disable Audience check and descrease security

Sorry, not a bug but a by design
Access token has two audiences? - Auth0 Community

Sorry again, it’s actually an easy - you should validate against same audience as you have in token ask on UI

1 Like

No worries! We’ve all been there and thanks for sharing with the rest of community!