OAuth Authentication Not Supported with 'Audience' as ParameterIssue <!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Audience (often aud) is a claim inside an Access Token that says who the token is for — i.e. which API or resource server should accept this token. In Auth0, when you define an API in the Dashboard, you give it an Identifier (often a URL string, e.g. https://my-api.example.com/). That Identifier is the value you use as audience when you request a token for that API. If you request an access token without specifying the correct audience, Auth0 either issues a token with the wrong aud claim (or no audience claim), or rejects the request. In particular, using client_credentials flow, Auth0 requires that you pass the audience in the body of the token request. Otherwise the API will reject it, because the token is not intended for it The OAuth authentication is failing with an error message 'OAuth flow failed. Verify the configurations and try again. "error":"access_denied","error_description":"Client is not authorized to access \"YOUR_ENDPOINT". You need to create a \"client-grant\" associated to this API. See: https://auth0.com/docs/api/management/v2/client-grants/post-client-grants"} Auth0 decides whether to issue a token for an API based on the audience parameter (and whether the client has a client-grant for that audience). Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Not specific to release Resolution<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } OOTB in our application registry there is no option to pass the audience value in request body, in REST message too you have only option for a header or a query parameter. Below is a custom workaround, 1. Extend the OAuthUtil Script Include by creating a new Script Include that extends the out-of-the-box OAuthUtil Script Include. 2. Override the interceptRequestParameters function in the new Script Include. 3. Add the custom 'audience' parameter inside the overridden interceptRequestParameters function. 4. Implement the proposed approach in the system to include the 'audience' parameter in the request body. Example implementation:var OauthCustomUtil = Class.create();OauthCustomUtil.prototype = Object.extendsObject(OAuthUtil, {interceptRequestParameters: function(requestParamMap) {// Add the 'audience' parameterrequestParamMap.put('audience', 'write_URL');// Call the parent method to ensure other parameters are handledthis.preprocessAccessToken(requestParamMap);},type: 'OauthCustomUtil'}); Since it is a work-around, I would strongly recommend validating it in a lower instance first. Please also avoid modifying the out-of-the-box Script Include directly. NOTE: As this is a custom solution, we will not be able to take ownership of any issues or impacts that may arise from its use in your environment.