I have a site set up and working perfectly - in the development environment using localhost:4205 and for the callback API localhost:5005.
Now, I’m trying to set the URL to https://Real-Site.company.com, and I’ve added that as a valid Callback, and CORS (says it isn’t needed). And both the API and the main pages will be sent to this same server.
When I redirect to the mayaccount.auth0.com/authorize and specify a clientId (same as before), scope (same as before), audience (new URL instead of localhost…), nonce (same as before), and response_type=id_token (same as before)…
It comes back with an error of ‘service not found: https://Real-Site.Company.com’ - looking in the logs gives much greater detail! It says ‘service not found: https://Real-Site.Company.com’. Thanks for the great log message, and the information on how to fix the problem right there in the logs so I don’t have to post this message and wait… (Oh, well, never mind…)
So, um, where is it looking for this service that it can’t find? I tried creating an API (like I had to do for the other one because the other one had a different site name for the API) and that didn’t work. I tried creating it with and without the trailing /.
I’m ready to roll this out to 3 sites (common login in all 3 + development), and I’m blocked by it being weird.
Ah, so if I read this correctly (‘Service’ == ‘Audience’), and if I’m running at my desk, I have a fundamentally different kind of configuration than if I’m running on the server. If localhost - with a separate API URL, I need to request ‘audience’, BUT if they match, then Auth0 ‘can’t find’ that ‘Audience’ even if you add it as an API because you can’t specify an audience that is the same as the main site.
Interesting. Bizarre, but interesting.
So, the solution for all sites except localhost is to remove the ‘Audience’ completely. I’ll give that a try and let you know if it works.
Yeah, you can’t remove the Audience - it does make it work, but then the access token is the useless thing that isn’t the JWT. (You would have to call in to the API to get the real token information.)
Is there a way to tell it that you ALWAYS want the token for the site, not for Auth0???
PS: Or, is there a standard audience that works? Maybe ‘NOT Auth0’
I tried ‘’, and I tried the server name, tried adding an API that matched the server name… There HAS to be some way to get back a JWT Access Token instead of this other token.
I may finally have a solution, although not as simple as if Auth0 didn’t return a non-JWT access token. I set the audience to ‘https://site.name/api/’ and add the /api/ to the API list (even though it is on the same site.name)… This seems to work. Interestingly enough, if you request the auth0.com/adfs/.well-known/openid-configuration/, it doesn’t return a logout URL, yet there is one (/logout). Sounds like a bug in the openid-configuration.