Passing 1 audience to get access_token request, but returned access_token has 2 audience

khanh.le · August 11, 2021, 7:39am

Hi Auth0 Community,

I set the audience properly and get access_token successfully, but when I use it to call API, I get 401 Authorized error with the detail like:

Bearer error="invalid_token", error_description="The audience 'https://development.au.auth0.com/api/v2/, https://development.au.auth0.com/userinfo' is invalid"

Then, I paste the access_token on jwt.io and see that it has 2 audiences the same as the error above.

Could anybody help me out what is the problem and how to fix it. Thanks a lot.

khanh.le · August 13, 2021, 2:11am

Hello, can anybody know what the problem is?

lonli.lokli · April 11, 2022, 10:37pm

It’s very long bug, unfortunately, and do not think it will be resolved.
Shame but I had to disable Audience check and descrease security

lonli.lokli · April 12, 2022, 11:55am

Sorry, not a bug but a by design
Access token has two audiences? - Auth0 Community

lonli.lokli · April 12, 2022, 12:57pm

Sorry again, it’s actually an easy - you should validate against same audience as you have in token ask on UI

konrad.sopala · April 12, 2022, 2:13pm

No worries! We’ve all been there and thanks for sharing with the rest of community!

Topic		Replies	Views
My token has multiple audiences. Is that normal? Help	9	16155	May 14, 2020
Validating ASP.NET JWT with token that has multiple audiences Help	2	3853	July 23, 2020
JWT access_token "invalid" issue with jwt.io debugger (if no audience specified) Feedback jwt , api , passwordless , access-token	2	2013	February 13, 2023
OPError: invalid_token (The access token signature could not be validated Help apis , application	8	2187	March 23, 2023
Why my Api cannot validate access_token sent by my Angular app Help auth0	4	1632	June 16, 2022

Passing 1 audience to get access_token request, but returned access_token has 2 audience

Related Topics