I currently use the auth0-spa-js library and authentication works great. Once I get the AccessToken I want to pass this to my own PHP Rest API I manage. Within my REST API I am attempting to use the Auth0 PHP SDK to verify the token is valid. Check link below for reference.
I think I answered my own question here php - Auth0 "The JWT string must contain two dots" - Stack Overflow, in that, I need to pass an audience. That’s why my token isn’t valid.
My question for this topic is… what do I pass as the audience? In the Auth0 dashboard I see the Management API, that has the “Identifier” I could use as audience parameter. But I also want to only verify the token on other requests within my REST API that won’t necessarily be interacting with the Management API. I only want to use the Management API to create, edit, delete users. I tried passing audience as “undefined” but token still had empty payload and the PHP SDK threw exception.
Thanks for the help!