I am attempting to make a simple SPA that follows the Authorization Code Flow with Proof Key for Code Exchange (PKCE) flow. It appears to login, and my next step is to get the Authentication Token , but the token returned looks like KnkWEnS7yush7x5nlAjKl46vPPjD79m- which does not look like jwt to…

Some success: I am setting both the scope and the audience; and I updated the auth0-spa-js to record both so they survive between web page loads, and update the new Auth0Client when the page reloads. The SPA can get an jwt access token, use it, and the service can verify it. SPA: [ code ] API: [ cod…

Wrong token upon getTokenSilently()

Help

dan.woda October 2, 2019, 10:11pm 4

Hi @klahnakoski,

This is an opaque access token, and is an added layer of security when the token is not meant to be consumed by any API outside of Auth0.

If you are trying to request a jwt for your custom API, then you will need to specify audience.

Hope this helps!

Thanks,
Dan