Auth now specifies api as audience. #2292

mikesmit · 2025-01-06T04:18:26Z

partially fixes #2263

In the baseline implementation of the app the auth token request did not specify an audience (the target API for the JWT). After defining the policyengine API in auth0, I have now updated both the provider and the fetch with auth to specify issuer.

Immediately this will actually stop existing, logged in users from submitting a bearer token until they have to re-log in.

Since the bearer token is yet used this change will not impact the user experience.

partially fixes #2263 In the baseline implementation of the app the auth token request did not specify an audience (the target API for the JWT). After defining the policyengine API in auth0, I have now updated both the provider and the fetch with auth to specify issuer. Immediately this will actually stop existing, logged in users from submitting a bearer token until they have to re-log in. Since the bearer token is yet used this change will not impact the user experience.

mikesmit requested a review from nikhilwoodruff January 6, 2025 13:49

MaxGhenis approved these changes Jan 8, 2025

View reviewed changes

MaxGhenis merged commit 4bfece9 into master Jan 8, 2025
2 checks passed

MaxGhenis deleted the 2263_add_aud_to_bearer_token branch January 8, 2025 21:13

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Auth now specifies api as audience. #2292

Auth now specifies api as audience. #2292

mikesmit commented Jan 6, 2025

Auth now specifies api as audience. #2292

Auth now specifies api as audience. #2292

Conversation

mikesmit commented Jan 6, 2025