I have followed the tutorial to create one API and one Application. I have tried many methods to get the JWT, so that I can make API calls from client Javascript.
The problem is no matter how I set audience in my Auth0.WebAuth parameters, or direct http call. The return value for audience is always the same ClientID.
Here is the link I tried to make a request to get authorized for the id_token.
[Edited for tenant privacy]
I must have missed something, but after over 12 hours of work. I have run out of woods.
Please help. Thank you.
Hello! The issue that I am seeing is that you are not requesting an access token, you’re requesting only an ID token. By specification definition, the audience of an ID token will always be the client ID. In order to request an access token for API authorization, you can format your your WebAuth instance like so:
Requesting token id_token as the responseType will ensure that you receive an access token with the appropriate audience for your API in addition to the ID token. The WebAuth instance’s audience should match the identifier for the API that you set up at https://manage.auth0.com/#/apis
I hope this helps! Please let us know if you have any further questions or run into issues.