Hi,
We are currently developing a Vue SPA with the help of the Auth0 SPA JS SDK, which requests access tokens and sends them to our API.
Our API utilizes AWS STS to receive short-term credentials for accessing our data layer with a customer-scoped, dynamic policy, to shift the authorization out of the service development’s scope and increase the security level by ensuring tenant isolation.
AWS STS accepts only a String when requesting credentials with a WebIdentity.
It all works perfectly fine when requesting credentials with an access token from Auth0 with a single Audience String.
Unfortunately, as I understand the documentation, whenever the scope openid and an API audience are sent to get an access token, it will always return an Array.
And as the SPA SDK always sends the openid scope, we are a bit in a jam.
Is it possible to receive only a single audience in the token when using the SPA SDK?
Are there different workarounds or is our approach not suitable, maybe wrong?
Thank you!