JWT Access Token - Custom Audience #830

Closed
the133448 opened this issue Jun 8, 2021 · 7 comments

@the133448

the133448 commented Jun 8, 2021

We have noticed that the Access Token being generated is not in the form of a JWT Token; it is a much shorter Opaque token which, whilst able to access the userinfo endpoint, is not able to access a custom API we have added to Auth0.

To fix this I believe we need to adjust the audience field that this plugin is creating, in particular here. If we add our custom API here, then I believe Auth0 would return an access token in the form of a JWT token, but still have access to the user management API in the audience field.

Is our thinking correct? If so, is it possible to make the audience here configurable?

Or is there already a configurable to add a custom Audience to ensure we get back a JWT Token?

@the133448
Author

the133448 commented Jun 9, 2021

Update: I have discovered that in Auth0 Tenant Settings > API Authorization Settings, there is the ability to declare a Default Audience which correctly returns the JWT token. However, this applies to all my applications; there could be a use case where we just want to request this audience for just the WP plugin application.

So, perhaps let me update this feature request to make it configurable to request multiple audiences?
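
A diagnostic for the symptom described in the two posts above, added here as an example and not code from the plugin or from Auth0: it tells an opaque access token from a JWT and reports whether the `aud` claim names the custom API. The API identifier, tenant URLs and sample tokens are constructed, and the two-entry `aud` array is an assumption about the token's shape; the function reads claims without verifying the signature, so it is a troubleshooting aid and not token validation.

```python
import base64
import json

API_ID = "https://api.example.test/"               # hypothetical custom API identifier
USERINFO = "https://tenant.example.test/userinfo"  # hypothetical tenant userinfo audience

def _b64url_json(segment):
    """Decode one base64url JWT segment into a JSON object (dict)."""
    padded = segment + "=" * (-len(segment) % 4)
    obj = json.loads(base64.urlsafe_b64decode(padded.encode("ascii")))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def inspect_access_token(token, expected_audience):
    """Diagnostic only: reads claims WITHOUT verifying the signature."""
    opaque = {"format": "opaque", "audiences": [], "names_expected_audience": False}
    parts = token.split(".")
    if len(parts) != 3:          # a signed JWT is header.payload.signature
        return opaque
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:           # covers bad base64, bad UTF-8 and bad JSON
        return opaque
    aud = claims.get("aud", [])
    # "aud" may be a single string or an array of strings.
    audiences = [aud] if isinstance(aud, str) else list(aud) if isinstance(aud, list) else []
    return {"format": "jwt", "alg": header.get("alg"), "audiences": audiences,
            "names_expected_audience": expected_audience in audiences}

def make_sample_jwt(claims):
    """Build a constructed token for the demo; the signature segment is a dummy."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed-signature"])

# Constructed sample tokens (not real credentials).
OPAQUE_TOKEN = "kX3v9Qm2Lr8Tz0aYb7NcWd5EfGh1Ij4U"
JWT_FOR_API = make_sample_jwt({"iss": "https://tenant.example.test/", "aud": [API_ID, USERINFO]})
JWT_OTHER_API = make_sample_jwt({"iss": "https://tenant.example.test/",
                                 "aud": "https://other.example.test/"})

if __name__ == "__main__":
    for name, tok in [("opaque", OPAQUE_TOKEN), ("api", JWT_FOR_API), ("other", JWT_OTHER_API)]:
        print(name, inspect_access_token(tok, API_ID))
```

An API that receives the token still has to verify the signature, issuer, expiry and audience before trusting any of these claims.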

@evansims
Member

evansims commented Jun 9, 2021

Hey @the133448 👋 Thanks for reporting this; I'm out on holiday this week but I'll take a look at this as soon as I can when I return. (Sorry not to have anything to report yet, just didn't want to leave you hanging.)

@evansims evansims self-assigned this Jun 9, 2021
@cocojoe
Member

cocojoe commented Sep 10, 2021

@the133448 is this still something you need advice on? Thanks

@evansims
Member

Going to close this for now as it's gone stale; let us know if this is still an issue for you, and we can re-open.

@the133448
Author

Hi @evansims, we ran into this again; we have multiple applications now, so ideally we don't want to use the Default Audience under the tenant settings as this impacts our other applications.

@the133448
Author

Hi @evansims, would you be able to reopen this?

@evansims
Member

evansims commented Apr 17, 2022

Hi @the133448 👋 Thanks for the update. Support for multiple audiences is on our radar for the next major release, but we don't currently have a timetable for this that I can offer.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 19, 2022