Error with multiple JWT audiences

I’m trying to use MongoDB Realm with Auth0 as my custom JWT authentication provider. Auth0 generates JWTs with multiple audiences. The aud payload field is an array of strings. When I try to authenticate with Realm using that token, I get this error:

{
  "error": "json: cannot unmarshal array into Go struct field accessTokenData.aud of type string",
  "link": "https://realm.mongodb.com/groups/..."
}

It seems like Realm can’t handle aud being an array of strings instead of a string. I checked the spec, and according to section 4.1.3, it does allow for multiple audiences. It seems like this might be a bug with Realm’s parsing of JWTs. Any help would be awesome because Auth0 generates my JWTs, and I can’t yet find a way to get it to send only a single audience. Thanks!

Hey Caleb,

Great to meet you! I actually used to work at Auth0 and now MongoDB and ran into this issue myself when setting up Realm authentication with Auth0.

While the JWT spec does support the audience field being an array, Realm currently does not :frowning: . It must be a string. But I did have a work around for this though… let me dig it up and I’ll follow up shortly.

3 Likes

That would be great, thanks @ado! Auth0 is a fantastic product, and Realm seems pretty cool, so it would be a shame if there’s not a way to get them working together.

1 Like

Hey @ado, just wanted to check in and see if you were able to find a workaround for this issue, whether on the Realm side or the Auth0 side. Thanks so much for your help!

@ado Can you please provide some feedback? I’m facing the same issue and it’s pretty much a show stopper for me … It would be great if using Realm would remain an option for my next project. Thank you very much!