
I need an audience when trying to decode the access_token I receive after authentication.

I can't seem to find any docs on what this audience is supposed to be. I tried using my client_id to no avail. Is it supposed to be https://identity.xero.com/resources?

Serj
    Hi Serj, If you can clarify your question I can add additional detail to the answer. But the API does provide an audience ("aud"), so it seems like something is going wrong after the response is received. What language/platform/sdk are you using? – RJaus Sep 22 '21 at 22:12

1 Answer

The JWT token received should look like this:

{
    "nbf": 1589363023,
    "exp": 1589364823,
    "iss": "https://identity.xero.com",
    "aud": "https://identity.xero.com/resources",
    "client_id": "91E5715B1199038080D6D0296EBC1648",
    "sub": "a3a4dbafh3495a808ed7a7b964388f53",
    "auth_time": 1589361892,
    "xero_userid": "1945393b-6eb7-4143-b083-7ab26cd7690b",
    "global_session_id": "ac2202575e824af3a181c50fcaa65c3c",
    "jti": "4e7747cec4ce54d6512b4b0775166c5f",
    "authentication_event_id": "d0ddcf81-f942-4f4d-b3c7-f98045204db4",
    "scope": [
        "email",
        "profile",
        "openid",
        "accounting.transactions",
        "accounting.settings",
        "offline_access"
    ]
}

As you can see, the aud token is set to https://identity.xero.com/resources as you'd expect.

You might want to check that the wrapper/sdk you're using to interact with the API isn't parsing out these details prior to displaying the object.

Read more in the docs: https://developer.xero.com/documentation/guides/oauth2/auth-flow#4-receive-your-tokens

RJaus
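An added example, not part of the original answer and not Xero SDK code: a standard-library check that reads the claims of a token and reports why a verifier configured with a given audience would reject it, which shows the `client_id` failing as the audience while `https://identity.xero.com/resources` passes. The function names are hypothetical, the token is constructed from the claim values in the answer with a placeholder header and signature, and no signature verification is done here; that step belongs to a JWT library using the issuer's published keys.

```python
import base64
import json
import time

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def read_claims(token: str) -> dict:
    """Decode a compact JWT payload WITHOUT verifying the signature (diagnostic use only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_claims(claims: dict, audience: str, issuer: str, now=None, leeway=30) -> list:
    """Return the reasons these claims would be rejected; an empty list means they pass."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    # RFC 7519: "aud" is either a single string or an array of strings.
    auds = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    problems = []
    if audience not in auds:
        problems.append(f"aud mismatch: token carries {auds}, verifier expects {audience!r}")
    if claims.get("iss") != issuer:
        problems.append(f"iss mismatch: {claims.get('iss')!r}")
    if not isinstance(claims.get("exp"), (int, float)) or now > claims["exp"] + leeway:
        problems.append("token expired or exp missing")
    if isinstance(claims.get("nbf"), (int, float)) and now < claims["nbf"] - leeway:
        problems.append("token not yet valid (nbf)")
    return problems

# Constructed sample: claim values copied from the answer above; header and signature are placeholders.
SAMPLE_CLAIMS = {
    "nbf": 1589363023, "exp": 1589364823,
    "iss": "https://identity.xero.com",
    "aud": "https://identity.xero.com/resources",
    "client_id": "91E5715B1199038080D6D0296EBC1648",
}
SAMPLE_TOKEN = ".".join(b64url(p) for p in (
    json.dumps({"alg": "RS256", "typ": "JWT"}).encode(),
    json.dumps(SAMPLE_CLAIMS).encode(),
    b"placeholder-signature",
))

if __name__ == "__main__":
    claims = read_claims(SAMPLE_TOKEN)
    at = claims["nbf"] + 60  # a moment inside the sample token's validity window
    print(check_claims(claims, claims["client_id"], claims["iss"], now=at))  # aud mismatch
    print(check_claims(claims, "https://identity.xero.com/resources", claims["iss"], now=at))
```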