[SPA + API] Can NOT Get Audience Correct

jsu317 · January 18, 2019, 7:29am

Goal: Have SPA + API Work.

I have followed the tutorial to create one API and one Application. I have tried many methods to get the JWT, so that I can make API calls from client Javascript.
The problem is no matter how I set audience in my Auth0.WebAuth parameters, or direct http call. The return value for audience is always the same ClientID.

Here is the link I tried to make a request to get authorized for the id_token.

[Edited for tenant privacy]

I must have missed something, but after over 12 hours of work. I have run out of woods.
Please help. Thank you.

Regards.

jsu317 · January 18, 2019, 4:20pm

Here is the access_token I got from the request.

[edit for privacy]

kim.maida · January 21, 2019, 1:59pm

Hello! The issue that I am seeing is that you are not requesting an access token, you’re requesting only an ID token. By specification definition, the audience of an ID token will always be the client ID. In order to request an access token for API authorization, you can format your your WebAuth instance like so:

new auth0.WebAuth({
  clientID: YOUR_CLIENT_ID,
  domain: YOUR_DOMAIN,
  responseType: 'token id_token',
  audience: 'YOUR_AUTH0_API_IDENTIFIER',
  ...[etc]

Requesting token id_token as the responseType will ensure that you receive an access token with the appropriate audience for your API in addition to the ID token. The WebAuth instance’s audience should match the identifier for the API that you set up at https://manage.auth0.com/#/apis

I hope this helps! Please let us know if you have any further questions or run into issues.

jsu317 · January 25, 2019, 5:36pm

Thank you for the reply. This really helped me out.

system · February 9, 2019, 5:36pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.