Why is it necessary to pass an ‘audience’ parameter in the implicit flow authorisation request to receive an access token in JWT format? I’m attempting to get my existing SPA (Angular) and API (NET core) application working against Auth0 using implicit flow. I thought that configuring a SPA applica…

Hi @wr8tt5 as @luis.rudge mentioned we use the audience parameter to make a determination which resource server the user is authorizing access to. By default auth0 issues that opaque token which has limited use on some of our API endpoints. We also issues that opaque access_token when specifying t…

Why is it necessary to pass the 'audience' parameter to receive a JWT?

Get Help

luis.rudge May 7, 2018, 8:21pm 3

There’s no way to choose between generating an opaque access token and JWT access token. This behavior is based on the audience param, as the doc says. Which openid library are you using?

1 Like

Topic		Replies	Views
Implicit access_token Opegue, not JWT? OIDC Enabled Get Help	3	3879	December 4, 2018
Accesstoken and Id-Token. Which one to use and how to validate an opaque accesstoken? Get Help	2	3155	August 28, 2019
Opaque access token introspection Get Help access_token , opaque-tokens , api-access_token	3	7427	March 2, 2018
Authentication with SPA and API Get Help jwt , auth0	2	4065	September 17, 2020
createAuth0Client ignores passed in Audience. Generates JWT with audience of access_token Get Help angular , jwt , auth0 , spa , auth0-spa-js	4	4478	March 4, 2020

Why is it necessary to pass the 'audience' parameter to receive a JWT?

Related topics