Use of the Management API and My Own REST API

I currently use the auth0-spa-js library and authentication works great. Once I get the AccessToken I want to pass this to my own PHP REST API I manage. Within my REST API I am attempting to use the Auth0 PHP SDK to verify the token is valid. Check the link below for reference.

I think I answered my own question here: php - Auth0 "The JWT string must contain two dots" - Stack Overflow, in that I need to pass an audience. That’s why my token isn’t valid.

My question for this topic is… what do I pass as the audience? In the Auth0 dashboard I see the Management API, which has the “Identifier” I could use as the audience parameter. But I also want to only verify the token on other requests within my REST API that won’t necessarily be interacting with the Management API. I only want to use the Management API to create, edit, delete users. I tried passing the audience as “undefined” but the token still had an empty payload and the PHP SDK threw an exception.

Thanks for the help!

I’ve tried adding a custom API to the Auth0 dashboard that uses my REST API URL, and used the identifier as the audience parameter on the client side, and it still produces an invalid token.

Found that it was the audience parameter; I needed to add it to the getTokenSilently() too. I also needed to add it to the PHP SDK decode audience parameter.

Thanks for sharing it with the rest of the community!
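
A diagnostic for the symptom described in this thread, as an added example that is not from the original posts or from Auth0: it reports whether an access token is a three-part JWT at all and whether its `aud` claim names the API's identifier. The audience URLs, the sample tokens and the function names are constructed for illustration, and the check does not verify the signature.

```javascript
// Diagnostic only: no signature check. The API must still validate the token
// with its JWT library (issuer, audience, signature) before trusting a claim.
const API_AUDIENCE = "https://api.example.test/"; // constructed identifier

// Decode one base64url segment into a JSON value.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Build an unsigned, constructed token so the example runs offline.
function makeSampleJwt(claims) {
  const enc = (obj) =>
    Buffer.from(JSON.stringify(obj)).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.c2lnbmF0dXJl`;
}

// Classify a token the way the API would see it before validation.
function inspectAccessToken(token, expectedAudience) {
  const parts = String(token).split(".");
  // A signed JWT has exactly three non-empty segments (two dots).
  if (parts.length !== 3 || parts.some((p) => p.length === 0)) {
    return { kind: "not-a-jwt", segments: parts.length, audienceOk: false };
  }
  let claims;
  try {
    claims = decodeSegment(parts[1]);
  } catch {
    return { kind: "not-a-jwt", segments: 3, audienceOk: false };
  }
  // "aud" may be a single string or an array of strings.
  const aud = [].concat(claims?.aud ?? []);
  return { kind: "jwt", aud, audienceOk: aud.includes(expectedAudience) };
}

// Constructed samples: an opaque token, a token minted for a different API,
// and a token requested with the API's own identifier as the audience.
const samples = {
  noAudience: "c29tZS1vcGFxdWUtdmFsdWU",
  otherApi: makeSampleJwt({ aud: "https://tenant.example.test/api/v2/" }),
  ownApi: makeSampleJwt({
    aud: [API_AUDIENCE, "https://tenant.example.test/userinfo"],
  }),
};

for (const [name, token] of Object.entries(samples)) {
  console.log(name, inspectAccessToken(token, API_AUDIENCE));
}
```

A token that reports `audienceOk: false` here will also fail the server-side audience check, which is the mismatch to fix on the client request.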