Auth rule restricting tasks to be queried only by logged-in users prevents any tasks to be queried by anyone

I’ve been following the tutorial in the Dgraph GraphQL docs, and followed all the docs about setting up Auth0: https://dgraph.io/docs/graphql/todo-app-tutorial/todo-auth0-jwt/

When I cloned the tutorial code repository and set up Auth0 according to the docs, and added my public key to the schema, it resulted in this error:

Unhandled Rejection (Error): GraphQL error: couldn't rewrite query getUser because audience value was expected but not provided

I’m not sure what that error means. I thought that the audience value was in the token. So I thought that means that if the header is named X-Auth-Token, the token is not able to be read for some reason.

I tried changing the public key line in the schema to X-Auth0-Token instead of X-Auth-Token. That allowed the app to compile and show up in the browser, and let me try querying the database from Insomnia using the token, but no tasks could be queried at all. The input form showed up but no tasks were listed. They could be created though; after updating the schema to remove the auth rule I was able to list them again.

How would I get the auth rule to work as shown in the docs?

My code is here

Your JWT token has audience value but you haven’t provided audience value in the schema.
Steps to add audience in the can be found in the docs.
Also, we have updated the Authorization format in the schema.

It worked! Thank you.

The authorization format that worked was:

Dgraph.Authorization {“VerificationKey”:"-----BEGIN PUBLIC KEY-----\n…\n-----END PUBLIC KEY-----",“Header”:“X-Auth-Token”,“Namespace”:“https://dgraph.io/jwt/claims",“Algo”:“RS256”,“Audience”:["my_clientId”]}

I proposed changes to fix the tutorial https://github.com/dgraph-io/dgraph/pull/6442