I m having nextjs as my client and expressjs my backend, I am trying to get the accessToken in my nextjs app with the below code ( by specifying the audience )
//app/fetchToken
import { NextResponse } from “next/server”;
import { getAccessToken, withApiAuthRequired } from “@auth0/nextjs-auth0”;
const GET = withApiAuthRequired(async function GET(req) {
const res = new NextResponse();
const { accessToken } = await getAccessToken(req, res, {
authorizationParams:{
audience:process.env.AUTH0_AUDIENCE,
scope: ‘openid profile email’,
}
});
console.log(accessToken);
return NextResponse.json({ accessToken: accessToken }, res);
});
export { GET };
The peoblem is the accessToken I get is an opaque token, but I need the actual access Token, Only then my server can validate it, Currently my server can’t validate this opaque token.
Also when I jwt.io to see the contents of this opaque token, it tells the opaque token is not in a valid signature.
Thanks for sharing the details - Are you able to inspect the request /authorize request in the network tab of your browser’s developer tools to see if the audience param is indeed being passed? I suspect it’s being excluded one way or another.
Thanks for checking! That’s super odd Nothing in your code stick out to me immediately - Have you tested using the same config values in the Sample app? If not, I recommend doing so and comparing results:
Any updates on this? Have the same issue by getting opaque token instead of jwt token byt passing correct audience param on authorizationParams. It looks like the client is not handle properly audience param passed to the constructor