UnauthorizedError: jwt audience invalid

Hi,

I am trying to run a test in Postman to try out one of my protected endpoints with this implementation:

```js
// Imports the template relies on (express-jwt exposes the middleware factory, jwks-rsa the key provider)
const jwt = require('express-jwt');
const jwksRsa = require('jwks-rsa');

const checkJwt = jwt({
  // Dynamically provide a signing key based on the kid in the header and the signing keys provided by the JWKS endpoint
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: `https://YOUR_DOMAIN/.well-known/jwks.json`
  }),

  // Validate the audience and the issuer
  audience: '{YOUR_API_IDENTIFIER}', // replace with your API's audience, available at Dashboard > APIs
  issuer: 'https://YOUR_DOMAIN/',
  algorithms: [ 'RS256' ]
});
```

However, I am getting the error "UnauthorizedError: jwt audience invalid", which I don’t understand since everything is done correctly as per the article. Is there something that I am missing? … I also used the autogenerated checkJwt declaration after creating the API.

Please advise.

Hi @jerryforcode

It looks like the middleware is telling you the audience in the JWT does not match the audience it is expecting. Could you post both the Postman call and the actual code (rather than the template you show)?

John

Hi John,

I got the audience value from my API configuration and have everything matching correctly. Not sure if it’s OK to post the info but I’m sharing a screenshot of where I got the value.

Does the API call expect an audience value in the request to match it?

Hi @john.gateley

Please advise.

Thank you!

Hi @jerryforcode

There is not enough info in what you posted for me to debug. I need the actual code in the middleware layer, and the Postman call, probably the token as well.

Thanks

John

@john.gateley I had to change audience to ‘aud’ and remove ‘issuer’ property and then it worked. Can you comment on this because I got my info from here: UnauthorizedError: jwt audience invalid. expected: undefined · Issue #30 · auth0-blog/nodejs-jwt-authentication-sample · GitHub
It doesn’t make sense why the starter template would give me something different.

Please advise.

@john.gateley hoping to get your feedback on this and if this solution is acceptable.
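
Added example, not part of the thread and not Auth0's or express-jwt's code: a small diagnostic that decodes a token's payload and compares its `aud` and `iss` claims with the values the middleware is configured to expect. It models the check the way jsonwebtoken's `verify` behaves, where a claim is only compared when the `audience` or `issuer` option is set; the function names, URLs and token are constructed for illustration.

```javascript
// Decode (do NOT verify) a JWT payload so its claims can be inspected.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected 3 dot-separated segments');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// "aud" may be one string or an array of strings (RFC 7519, section 4.1.3).
function audienceMatches(audClaim, expected) {
  const claimed = Array.isArray(audClaim) ? audClaim : [audClaim];
  const wanted = Array.isArray(expected) ? expected : [expected];
  return claimed.some((a) => wanted.includes(a));
}

// Compare the token's claims with the values the middleware is configured with.
function diagnose(token, expected) {
  const { aud, iss } = decodeJwtPayload(token);
  const findings = [];
  if (expected.audience === undefined) {
    findings.push('audience not configured: the aud claim is never checked');
  } else if (!audienceMatches(aud, expected.audience)) {
    findings.push(`audience mismatch: token ${JSON.stringify(aud)}, ` +
      `expected ${JSON.stringify(expected.audience)}`);
  }
  if (expected.issuer === undefined) {
    findings.push('issuer not configured: the iss claim is never checked');
  } else if (iss !== expected.issuer) {
    findings.push(`issuer mismatch: token ${JSON.stringify(iss)}, ` +
      `expected ${JSON.stringify(expected.issuer)}`);
  }
  return findings;
}

// Build an unsigned token from constructed claims, purely as sample input.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const sampleToken = makeSampleToken({
  iss: 'https://tenant.example/',
  aud: ['https://api.example/orders', 'https://tenant.example/userinfo'],
});
const issuer = 'https://tenant.example/';
console.log(diagnose(sampleToken, { audience: 'https://api.example/orders', issuer }));
console.log(diagnose(sampleToken, { audience: '{YOUR_API_IDENTIFIER}', issuer }));
console.log(diagnose(sampleToken, { aud: 'https://api.example/orders' }));
```

The first call reports nothing, the second reports the unreplaced placeholder as an audience mismatch, and the third shows that an options object without `audience` and `issuer` leaves both claims unchecked.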