Access Token always returns encrypted ID Token (alg: dir), even with correct audience and settings

daichitk1 · May 19, 2025, 11:27am

I am using Auth0 with a React SPA + Rails API setup.
I want to retrieve an RS256-signed Access Token using getAccessTokenSilently() from the SPA.

I have already checked and configured the following:

However, getAccessTokenSilently() still returns an encrypted token like this:

{
  "alg": "dir",
  "enc": "A256GCM"
}

This seems like a misconfiguration or bug.
Tenant name: dev-id5xx82j7py05t5w

Please help. I’m stuck.

dawid.matuszczyk · May 19, 2025, 12:48pm

Welcome to the Auth0 Community!

Thank you for posting your question. Can you double-check if you are properly adding the audience parameter to the request?

 const accessToken = await getAccessTokenSilently({
          authorizationParams: {
            audience: "API_IDENTIFIER"
          }

Thanks
Dawid

system · June 2, 2025, 12:49pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
React I get an Opaque JWT when I call getAccessTokenSilently, even after defining the audience and scope in the Provider Get Help auth0-react , sdks-quickstarts	5	894	March 12, 2024
Getting Opaque token instead of JWT token (Audience Added) Get Help auth0-react , sdks-quickstarts	2	872	March 14, 2024
Building Secure APIs with Rails 6 and Auth0 Blog Discussions auth0 , rails-api	16	5525	May 31, 2022
React app, Receiving an Opaque Token when I should be receiving a JWT token supposedly Get Help configuration , application	2	352	February 20, 2024
getAccessTokenSilently not using correct signing algorithm? Get Help jwt , auth0 , api	2	3862	March 14, 2022