Why is it necessary to pass the 'audience' parameter to receive a JWT?

Hi @wr8tt5, as @luis.rudge mentioned, we use the audience parameter to determine which resource server the user is authorizing access to. By default Auth0 issues an opaque token, which has limited use on some of our API endpoints. We also issue that opaque access_token when specifying the /userinfo endpoint as the audience.

In our implementation we require you to specify an audience for some resource server. This indicates to Auth0 that we are using an OIDC flow and that the audience of that token will be the specified resource server. Many libraries include a way to specify the audience or other custom parameters natively via a property or, in this case, via extra parameters. Here is the code I think you might be able to use (it assumes you are using Universal Login / hosted login page):

If you didn’t want to specify the audience parameter as part of the authorize call, you can optionally specify the default audience for your tenant. Doing this means all clients will get a JWT access token for the default resource server without specifying an audience. To set up a default audience you can:

  1. Navigate here: https://manage.auth0.com/#/tenant
  2. Enter a default audience:

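An added example, not part of the original post and not Auth0's own code: it builds an `/authorize` request with and without the `audience` parameter, then checks whether a returned access token is opaque or a JWT whose `aud` claim names the expected API. The function names, tenant domain, client ID and API identifier are constructed placeholders, and the check inspects structure only; a resource server must still verify the signature before trusting any claim.

```python
import base64
import json
from urllib.parse import urlencode

def build_authorize_url(domain, client_id, redirect_uri, state, audience=None):
    """Authorization-code request; 'audience' names the resource server (API)."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": "openid profile",
              "state": state}
    if audience:
        params["audience"] = audience
    return f"https://{domain}/authorize?{urlencode(params)}"

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into JSON."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def describe_access_token(token, expected_audience):
    """Structure check only: the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        return "opaque"
    try:
        header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return "opaque"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return "opaque"
    aud = claims.get("aud", [])
    audiences = aud if isinstance(aud, list) else [aud]  # aud: string or list
    return "jwt-for-audience" if expected_audience in audiences else "jwt-wrong-audience"

def sample_jwt(claims):
    """Constructed, unsigned sample token for the demo (placeholder signature)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2lnbmF0dXJl"

API = "https://api.example.com/"  # constructed API identifier

if __name__ == "__main__":
    print(build_authorize_url("tenant.example.auth0.com", "CLIENT_ID",
                              "https://app.example.com/callback", "xyz", API))
    for tok in ("kD3x9constructedOpaqueValue",
                sample_jwt({"aud": [API, "https://tenant.example.auth0.com/userinfo"]}),
                sample_jwt({"aud": "https://other.example.com/"})):
        print(describe_access_token(tok, API))
```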