 What is the audience? We're answering frequently asked questions from the Okta customer identity cloud community. In this video, you will learn about the OAuth 2 audience claim. For this demo, you'll want to be familiar with JWT's access tokens and have a rough understanding of OAuth 2. We will be using the OAuth 0 dashboard and the OAuth 0 protocol debugger extension. So let's get started. What is the audience? The audience is a claim inside the token payload. It's typically represented by AUD. This claim indicates the intended consumer of the token, usually an API or resource server. For this demo, we're going to need to create an application. I've created an application called MyTestApp. This is our client app. We're also going to need to create a custom API. For this, I created MyTestAPI. You'll notice MyTestAPI has an API audience. This is a string we'll use to identify the API and request tokens for it. We can copy this for later when we're making requests for tokens. You'll notice that this is an endpoint. This endpoint will never be called by OAuth 0. It is simply a way to identify the API, also known as an API identifier. Great! Let's get into testing. For this, I'm going to use the Auth0 authentication API debugger. This extension allows us to mock requests for tokens. We are going to mock requests as if we're requesting tokens from MyTestApp. Select the application we've created and go to the OAuth2OIDC tab. This tab allows us to manipulate the parameters that are sent with requests. If I scroll down, you'll notice I have set up my audience here as MyTestAPI and I've configured it to be turned on, meaning it will be sent with the request for an access token. Great! If I click this login button, I have a test user that will be logged in. We can inspect the result. Here's the response from our Auth server. You see, it has sent an access token. We can look down here at the access token. We can look at the contents of it. It's been decoded for us. Inside of the token payload, we see there is an odd claim, AUD, that is the audience. These two endpoints are the intended consumers of our token. This means we can send the token to MyTestAPI and return for resources. We can also exchange it at the user info endpoint for MyTenant in exchange for the user's profile. Let's go back and try it without the audience and see what happens. I remove this audience parameter. Toggle it off. I click login. You'll see I'm still returned with an access token, but this time it can't be decoded. That's because it's an opaque token. This token is not intended to be consumed outside of Auth0's internal APIs. This token can be exchanged at the user info endpoint for the user's profile, but it has no use to us outside of that. That's it. Today we took a look at the audience parameter, what it is, and how to use it to receive a JWT. If you found this video helpful, please like and subscribe on YouTube and join us for more content on communityauth0.com.