From fbd240c0d4cc1d6e7f61e3a2acab625cb5d08886 Mon Sep 17 00:00:00 2001 From: bitsofinfo Date: Thu, 4 Dec 2025 15:02:57 -0700 Subject: [PATCH 1/2] feat: AUTH0_AUDIENCE --- docs/features/auth/sso/index.mdx | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/features/auth/sso/index.mdx b/docs/features/auth/sso/index.mdx index 72395c77..6965d8d0 100644 --- a/docs/features/auth/sso/index.mdx +++ b/docs/features/auth/sso/index.mdx @@ -121,6 +121,10 @@ The following environment variables are used: 1. `OAUTH_SCOPES` - Scopes to request. Defaults to `openid email profile` 1. `OPENID_REDIRECT_URI` - The redirect URI configured in your OIDC application. This must be set to `/oauth/oidc/callback`. +#### Auth0 + +1. `AUTH0_AUDIENCE`: If the OIDC provider is Auth0, this optional value can be set to the specific Auth0 `audience` the token should be issued for; doing so will ensure the access token is a JWT. If not specified the default behavior will be the issuance of an opaque Auth0 access token. [More info here](https://support.auth0.com/center/s/article/opaque-versus-jwt-access-token) + :::warning **Common OIDC Mistakes:** From c1cf8284ebc30594a9e231578b3146f26ed64816 Mon Sep 17 00:00:00 2001 From: bitsofinfo Date: Thu, 4 Dec 2025 16:20:00 -0700 Subject: [PATCH 2/2] feat: OAUTH_AUDIENCE config --- docs/features/auth/sso/index.mdx | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/docs/features/auth/sso/index.mdx b/docs/features/auth/sso/index.mdx index 6965d8d0..0e7d9f74 100644 --- a/docs/features/auth/sso/index.mdx +++ b/docs/features/auth/sso/index.mdx 
@@ -120,10 +120,7 @@ The following environment variables are used: 1. `OAUTH_PROVIDER_NAME` - Name of the provider to show on the UI, defaults to SSO 1. `OAUTH_SCOPES` - Scopes to request. Defaults to `openid email profile` 1. `OPENID_REDIRECT_URI` - The redirect URI configured in your OIDC application. This must be set to `/oauth/oidc/callback`. - -#### Auth0 - -1. `AUTH0_AUDIENCE`: If the OIDC provider is Auth0, this optional value can be set to the specific Auth0 `audience` the token should be issued for; doing so will ensure the access token is a JWT. If not specified the default behavior will be the issuance of an opaque Auth0 access token. [More info here](https://support.auth0.com/center/s/article/opaque-versus-jwt-access-token) +1. `OAUTH_AUDIENCE` - Optional `audience` value that will be passed to the oauth provider's authorization endpoint as an additional query parameter. :::warning
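Review bot: In the 1/2 hunk (`@@ -121,6 +121,10 @@`), the new `AUTH0_AUDIENCE` entry separates the variable name from its description with a colon, while the neighbouring `OAUTH_SCOPES` and `OPENID_REDIRECT_URI` entries use ` - `. Match the list's existing separator. The link text "More info here" would also be better as descriptive text that names the topic (opaque versus JWT access tokens). Since 2/2 removes this `#### Auth0` section again, consider squashing the two commits so the history does not introduce a variable name that is dropped within the same series.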
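Review bot: The `OAUTH_AUDIENCE` line added in the 2/2 hunk (`@@ -120,10 +120,7 @@`) loses the operational guidance that the removed `AUTH0_AUDIENCE` text carried. That text said that with Auth0 an unset audience results in an opaque access token and a set audience results in a JWT, and it included the support link. An admin reading only "passed to the oauth provider's authorization endpoint as an additional query parameter" has no way to tell when the setting matters. Suggest keeping one sentence of the Auth0 case as an example on the new entry, and stating explicitly what is sent when the variable is unset. Minor: write "OAuth" rather than "oauth" in the description.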