Auth0 - multiple audiences in access token

huw · March 27, 2023, 6:05am

I have tried following the docs here on how to setup Auth0 single page application so it can generate ledger API access tokens:

Some of the front end code in the first blog post needed upgrading to fit the latest Auth0 API. After getting it to compile/run, the tokens generated by Auth0 are now including two audiences, see for example:

{
  "aud": [
     "DamlAuth0ExampleAPI",
     "https://mytenant.auth0.com/userinfo"
  ]
}

When submitting calls to the ledger API using such tokens with two audiences, I get UNAUTHENTICATEED errors. On the ledger API logs I see errors like this:

Could not parse JWT token: Could not read ["DamlAuth0ExampleAPI", "https://mytenant.auth0.com/userinfo"] as string for aud||

Looks like the ledger API cannot support tokens with multiple audiences? Apparently Auth0 will always include the userinfo audience – Access token has two audiences? - #2 by woeterman94 - Auth0 Community. The linked blog posts above are quite old now. Is there any more recent working example?

bernhard · March 27, 2023, 7:30am

Hi @huw ,

Support for multiple audiences was added in Daml 2.6, in part due to this change in Auth0, which highlighted that our JWT support didn’t quite comply with RFC7519.
Please see the Minor Improvements section of the release notes.

huw · March 27, 2023, 8:56pm

That’s great news! Thanks @bernhard.

Topic		Replies	Views
JWT Tokens Without Auth0 Questions	1	151	April 5, 2022
Multi-party authentication via auth0 or daml Questions daml	1	183	March 25, 2022
Simplified JWT access token creation in Auth0 Tutorials and Guides	13	2443	September 20, 2021
Multiple authorization types on a ledger-api Questions ledger-api	2	167	October 5, 2022
Can I run the "Setting Up Auth0" tutorial locally? Questions	2	191	October 15, 2021

Auth0 - multiple audiences in access token

Related topics