jbreckmckye / electron-auth0-login

Helper widget for Auth0 authentication in Electron desktop apps
MIT License
28 stars 19 forks

What is the "audience" part of the Auth0 config? #33

Closed guizmaii closed 2 years ago

guizmaii commented 2 years ago

Hi @jbreckmckye,

Thanks for this library. Very useful :)

I don't find references for this part of the request in the Auth0 doc: https://auth0.com/docs/login/authentication/add-login-using-the-authorization-code-flow-with-pkce#basic-authentication-request 🤔

Was it something previously asked by Auth0 that is not required anymore, maybe?

jbreckmckye commented 2 years ago

From https://auth0.com/docs/glossary:

Audience

The unique identifier of the audience for an issued token, identified within a JSON Web Token as the aud claim. The audience value is either the application (Client ID) for an ID Token or the API that is being called (API Identifier) for an Access Token. At Auth0, the Audience value sent in a request for an Access Token dictates whether that token is returned in an opaque or JWT format.

Basically, in your token payload you have a set of "claims", one of which is the aud of servers that are supposed to receive this token.

From https://learn.akamai.com/en-us/webhelp/api-gateway/api-gateway-user-guide/:

The aud claim identifies the audience that the JWT is intended for. If the principal that processes the JWT does not identify itself with an identifier in the aud claim value, the server rejects the JWT. This claim is an array of case-sensitive strings, each containing a StringOrURI value.

Some context on the auth0 forums here. Essentially you need to specify this or else you can only get an opaque token, not a JWT.

guizmaii commented 2 years ago

Thanks @jbreckmckye! 🙏