Management API Access Token Validity

management-api
authorization
get-user-info

#1

After receiving an access token by using the access payload, I make a request to get a user by their email using the user payload. I then get the error ‘Invalid signature received for JSON Web Token validation’ as a response. Does the access token need to be modified before it can be used for authorization with requests? What am I doing wrong here?

const access = {
  method: 'POST',
  url: 'https://{MY COMPANY DOMAIN}.auth0.com/oauth/token',
  headers: {'content-type': 'application/json'},
  body: {
    grant_type: 'client_credentials',
    client_id: '{My Non Interactive Client ID}',
    client_secret: '{My Non Interactive Client Secret}',
    audience: 'https://{MY COMPANY DOMAIN}.auth0.com/api/v2/'
  },
  json: true
};

const user = {
  url: `https://{MY COMPANY DOMAIN}.auth0.com/api/v2/users-by-email?email=${encoded}`,
  method: 'GET',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${access_token}`
  }
};

#2

Could you share more info about which client, Auth0 domain and library version you’re using? Are you able to replicate the problem using Postman or does it only happen in your application?

You can also check in https://jwt.io/ if the Management API v2 token you get from the /oauth/token is a valid token for the https://{MY COMPANY DOMAIN}.auth0.com/api/v2/ audience.
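
The audience check suggested in the reply above can also be done locally, so a live Management API token never has to be pasted into a website. This is an added example, not code from the thread or from Auth0: it decodes the token's claims and compares `aud`, `iss` and `exp`, and it does not verify the signature. The function names, the `example-tenant` domain and the sample tokens are constructed for illustration.

```javascript
// Added example: local claim inspection only. It does NOT verify the signature.
function b64urlJson(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// inspectAccessToken and its parameter names are hypothetical, not an Auth0 API.
function inspectAccessToken(token, expectedAudience, expectedIssuer, nowSeconds) {
  const problems = [];
  // Stray whitespace or a non-JWT value is caught here before any decoding.
  const parts = String(token).trim().split('.');
  if (parts.length !== 3 || parts.some((p) => p.length === 0)) {
    return { header: null, payload: null, problems: ['not a three-part JWS compact token'] };
  }
  let header, payload;
  try {
    header = b64urlJson(parts[0]);
    payload = b64urlJson(parts[1]);
    if (!payload || typeof payload !== 'object') throw new Error('payload is not an object');
  } catch (err) {
    return { header: null, payload: null, problems: ['header or payload is not base64url JSON'] };
  }
  // "aud" may be a single string or an array of strings.
  const audiences = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  if (!audiences.includes(expectedAudience)) problems.push('aud does not match expected audience');
  if (payload.iss !== expectedIssuer) problems.push('iss does not match expected issuer');
  if (typeof payload.exp !== 'number' || payload.exp <= nowSeconds) {
    problems.push('token is expired or has no exp');
  }
  return { header, payload, problems };
}

// Constructed sample tokens with a placeholder signature segment (not real credentials).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.c2lnbmF0dXJl`;
}

const TENANT = 'https://example-tenant.auth0.com'; // constructed placeholder domain
const sample = makeSampleToken({ iss: `${TENANT}/`, aud: `${TENANT}/api/v2/`, exp: 2000000000 });
const wrongAud = makeSampleToken({ iss: `${TENANT}/`, aud: 'https://api.example.test/', exp: 2000000000 });

console.log(inspectAccessToken(sample, `${TENANT}/api/v2/`, `${TENANT}/`, 1700000000).problems);
console.log(inspectAccessToken(wrongAud, `${TENANT}/api/v2/`, `${TENANT}/`, 1700000000).problems);
```

An empty `problems` array means the claims match what the API expects; the signature itself is still checked only by the API.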