Closed adoublef closed 1 year ago
Auth0 will return an invalid JWT unless the audience is added to the Uri.
Could you please clarify? Added to which URI? In which function is the invalid JWT being returned? In which part of the code are you expecting to see a JWT? Also, in your use case, is the audience required? A brief look at the documentation says that it's optional.
The audience is required for so that the token that is returned isn't opaque but an access token (as this YouTube vid shares: Why is my Access Token not a JWT? (Opaque Token) -- Auth0 Community Response Series - YouTube). Due to this, you aren't able to use the token for subsequential requests using APIs configured in Auth0. Looks like an issue with the way getAuthorizationUri is created doesn't give an option to append your own params.
Ran into similar issue with a Go package that I use but they offer an additional method to set optional url params.
I don't think it's something that can be fixed without forking or waiting for the original author to fix but this will make using Auth0 incomplete.
Copying what I just wrote at cmd-johnson/deno-oauth2-client#33, the URI returned by getAuthorizationUri
is an instance of the URL class, so you can just add additional parameters as needed by calling uri.searchParams.set("paramName", "value");
yh that means then maybe just an additional options
argument is needed here and this should allow the ability for end users to add additional params.
This wouldn't be far off what they do here
EDIT: I think this should satisfy #141 I am unsure what api you think would be best but I have gone for an optional argument and the urlParams is just a record
@adoublef, can you confirm that this module works with Auth0?
Oh yes all that is needed is audience and you get a token that can be used with the APIs. I tested with generating the token and then using an existing go API with the required scope. The body was confirmation enough that it can work with the rest of what Auth0 has to offer.
Great to hear! Thanks for helping! 💪🏾
@iuioiua Will you be cutting a new release with this change anytime soon? Thank you!
Thanks mate!
I've made the issue here but as this package depends on it and the docs show Auth0 being supported wanted to bring it to your attention too.
Auth0 will return an invalid JWT unless the audience is added to the Uri. Looking at the code it doesn't seem that there's currently a way to allow this