Why am I getting the error "JWT audience validation failed" when checking the "Enforce Audience Restriction" checkbox?

Environment:

Oracle B2C Service sites using OAUTH for Single Sign-On Configurations

Issue:

OAUTH Authentication is setup in the “Single Sign-On Configurations” page in the console, and when an attempt is made to submit a REST call using OAUTH, one of the following errors are returned:

• In the REST JSON response: “You are not authorized to use this site” with an error code of OSC-CREST-00014
• JWT audience validation failed

Resolution:

If you select "Enforce Audience Restriction" and do not specify any custom audience URL, then the JWT used for making the REST call should contain the site's REST URL (https://<yoursite>.custhelp.com/services/rest) as one of the values in the JWT's "aud" array. If you are specifying some custom audience URL on the SSO configuration page, then one of the strings in the "aud" array should be the same value.