Merge pull request #2292 from PolicyEngine/2263_add_aud_to_bearer_token

Auth now specifies api as audience.
PolicyEngine · Jan 8, 2025 · 4bfece9 · 4bfece9
2 parents 0754e47 + 1981c90
commit 4bfece9
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 1 deletion.
diff --git a/src/__tests__/hooks/useAuthenticatedFetch.test.js b/src/__tests__/hooks/useAuthenticatedFetch.test.js
@@ -34,6 +34,7 @@ describe("useAuthenticatedFetch", () => {
       },
     });
   }
+
   test("given the user is logged in then it adds the bearer token", async () => {
     givenTheUserIsLoggedIn("TEST_AUTH_TOKEN");
     const requestOptions = {
@@ -60,6 +61,7 @@ describe("useAuthenticatedFetch", () => {
       },
     ]);
   });
+
   test("given the user is not logged in then it adds nothing", async () => {
     const { result } = renderHook(() => useAuthenticatedFetch());
 

diff --git a/src/auth/Auth0ProviderWithNavigate.jsx b/src/auth/Auth0ProviderWithNavigate.jsx
@@ -26,6 +26,7 @@ export default function Auth0ProviderWithNavigate({ children }) {
       clientId={clientId}
       authorizationParams={{
         redirect_uri: redirectUri,
+        audience: "https://api.policyengine.org/",
       }}
       onRedirectCallback={onRedirectCallback}
       useRefreshTokens={true}

diff --git a/src/hooks/useAuthenticatedFetch.js b/src/hooks/useAuthenticatedFetch.js
@@ -17,7 +17,9 @@ export function useAuthenticatedFetch() {
       if (isAuthenticated) {
         try {
           //as per https://auth0.com/docs/quickstart/spa/react/02-calling-an-api
-          const accessToken = await getAccessTokenSilently();
+          const accessToken = await getAccessTokenSilently({
+            audience: "https://api.policyengine.org/",
+          });
           headers["Authorization"] = `Bearer ${accessToken}`;
         } catch (error) {
           //IGNORE. If we can't get an access token we just call the API