How to add an aud claim to a Microsoft Entra ID JWT

Question

I am using Microsoft Identity Platform with Microsoft Entra to manage user authentication and authorization within a single tenant [web] app, and I would like to use it as an external access provider to a 3rd party database — faunaDB.

The problem is Fauna expects a JWT token with a given audience like https://db.fauna.com/db/xxxx... but msal id and access tokens audiences are a single string value of the application ID and I cannot seem to append anymore.

---

The documentation for fauna says that

the aud claim must be configurable

is this not the case for Microsoft Entra JWTs? Or am I going about adding the aud wrong, should I be creating a new JWT with msal/MS Entra?

---

• I have tried adding an optional claim aud from the entrprise application -> single sign-on page to append an audience claim, but the aud claim is restricted.
• I tried using the audOverride optional claim but this caused the received JWT from the msal login redierct not to be accepted as it replaced the previous aud claim instead appending my override, or simply added audienceOverride field to the JWT
• I also tried to change the application URI ID to the neeeded audience claim by fauna (since that is used the aud claim value), for example https://db.fauna.com/db/xxxx... but I receive an error since the domain is not a sub-domain nor registered with my tenant

(the web app is built with gatsbyJS and using the msal-react and browser packages)