"Invalid Algorithm" Error in Auth0-SPA-JS

Last Updated: Sep 27, 2024

Overview

This article addresses the Invalid Algorithm Error thrown when using Auth0-SPA-JS.

Applies To

• Applications
• Signing Algorithms

Solution

The SDK only supports JWTs that use the RS256 signing algorithm. When this error is displayed, it’s likely that the Auth0 application is set up to sign tokens using HS256.

The way around this error is to change the settings for the Auth0 application to sign tokens using RS256. To do this:

• Log in to the Auth0 dashboard.
• Open the Settings page for the corresponding application.
• Scroll to the bottom and click Show Advanced Settings.
• Click the OAuth tab.
• Ensure the JsonWebToken Signature Algorithm value is set to RS256.
• Click Save.

During the next authentication, this error should not be displayed.

Related References

• auth0/auth0-spa-js
• When and How to use the new SDK in your JS apps
• GitHub - auth0/auth0-spa-js: Auth0 authentication for Single Page Applications (SPA) with PKCE 5
• Auth0 Signing Algorithms