Without specifying an audience in authorizationParams, auth0 issues a token intended for its /userinfo endpoint, that is why the access token is opaque. However, if you specify an audience like http://localhost:8080, the access token becomes readable because it’s a signed JWT. You can actually view it in jwt.io.
However, for that to work, auth0 must recognize that the audience first. To do that, create a custom API in auth0:
- Go to Applications > APIs and click Create API
- Enter the audience in the Identifier field (should be the same as the one
audiencein the app config)
export const appConfig: ApplicationConfig = {
providers: [
provideBrowserGlobalErrorListeners(),
provideRouter(routes),
provideAuth0({
domain: "dev-redacted.us.auth0.com",
clientId: "redacted",
authorizationParams: {
redirect_uri: window.location.origin,
audience: "http://localhost:8080",
},
}),
],
};