Auth0 - multiple audiences in access token

I have tried following the docs here on how to set up an Auth0 single page application so it can generate ledger API access tokens:

Some of the front end code in the first blog post needed upgrading to fit the latest Auth0 API. After getting it to compile/run, the tokens generated by Auth0 are now including two audiences, see for example:

{
  "aud": [
     "DamlAuth0ExampleAPI",
     "https://mytenant.auth0.com/userinfo"
  ]
}

When submitting calls to the ledger API using such tokens with two audiences, I get UNAUTHENTICATED errors. On the ledger API logs I see errors like this:

Could not parse JWT token: Could not read ["DamlAuth0ExampleAPI", "https://mytenant.auth0.com/userinfo"] as string for aud||  

Looks like the ledger API cannot support tokens with multiple audiences? Apparently Auth0 will always include the userinfo audience – Access token has two audiences? - #2 by woeterman94 - Auth0 Community. The linked blog posts above are quite old now. Is there any more recent working example?

Hi @huw ,

Support for multiple audiences was added in Daml 2.6, in part due to this change in Auth0, which highlighted that our JWT support didn’t quite comply with RFC7519.
Please see the Minor Improvements section of the release notes.

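To make the RFC 7519 point concrete, here is an added example (not code from the thread, from Daml, or from Auth0) that verifies an HS256 JWT and checks its aud claim the way section 4.1.3 of the RFC allows: aud may be a single string or an array of strings, and the token is acceptable if the expected audience is one of them. It also keeps a strict string-only reading of aud alongside, which is the shape of check that produces a "Could not read ... as string for aud" error on Auth0's two-audience tokens. The secret, the token-building helper and all claim values are constructed for the example; it is a stand-in verifier, not the ledger API's own JWT code.

```python
import base64
import hashlib
import hmac
import json
from typing import Any

# Constructed demo secret for this example only; not a Daml, Auth0 or production value.
DEMO_SECRET = b"demo-hs256-secret-not-for-production"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_hs256_token(claims: dict[str, Any], secret: bytes = DEMO_SECRET) -> str:
    """Build a compact HS256 JWS for testing. Demo helper, not an Auth0 API."""
    header_b64 = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload_b64 = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header_b64}.{payload_b64}"
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def strict_string_audience(claims: dict[str, Any]) -> str:
    """Non-compliant reading: aud must be a plain string. An array (as Auth0 now
    emits) is rejected, mirroring the error message quoted in the thread."""
    aud = claims.get("aud")
    if not isinstance(aud, str):
        raise ValueError(f"Could not read {json.dumps(aud)} as string for aud")
    return aud


def audiences(claims: dict[str, Any]) -> list[str]:
    """RFC 7519 section 4.1.3 reading: aud is a string or an array of strings.
    Returns the list of audiences; anything else is a malformed token."""
    aud = claims.get("aud")
    if aud is None:
        return []
    if isinstance(aud, str):
        return [aud]
    if isinstance(aud, list) and all(isinstance(a, str) for a in aud):
        return list(aud)
    raise ValueError(f"aud must be a string or an array of strings, got {aud!r}")


def verify_token(token: str, expected_audience: str, secret: bytes = DEMO_SECRET) -> dict[str, Any]:
    """Check the HS256 signature, then require expected_audience to be one of the
    token's audiences (extra audiences such as Auth0's userinfo endpoint are fine).
    Returns the claims on success and raises ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three segments")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # never let the token pick the algorithm
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if expected_audience not in audiences(claims):
        raise ValueError(f"token is not intended for audience {expected_audience!r}")
    return claims


if __name__ == "__main__":
    # Constructed tokens shaped like the ones in the thread.
    single = make_hs256_token({"aud": "DamlAuth0ExampleAPI", "sub": "alice"})
    multi = make_hs256_token(
        {"aud": ["DamlAuth0ExampleAPI", "https://mytenant.auth0.com/userinfo"], "sub": "alice"}
    )
    for name, tok in (("single", single), ("multi", multi)):
        claims = verify_token(tok, "DamlAuth0ExampleAPI")
        try:
            strict_string_audience(claims)
            print(f"{name}: accepted by both readings")
        except ValueError as e:
            print(f"{name}: RFC-compliant reading accepts it, strict reading fails: {e}")
```

The only behavioural difference between the two readings is in `audiences` versus `strict_string_audience`: the signature check, algorithm pinning and the "is my audience present" test are the same, so accepting Auth0's array form does not loosen the audience check itself.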

That’s great news! Thanks @bernhard.