Hi! I am developing a mobile app and a web app for my university.
My backend is made in NodeJS and I authenticate my users with this code:
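```js
import { auth } from 'express-oauth2-jwt-bearer';

// Express middleware that validates the bearer access token (a JWT)
// against the configured audience and issuer.
export const validateAuthorizationMiddleware = auth({
  audience: `https://${process.env.AUTH0_DOMAIN}/api/v2/`,
  issuerBaseURL: `https://${process.env.AUTH0_DOMAIN}/`,
});
```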
My web app is made in React and it is in production, so backend and web app work right.
I started to develop my mobile app in Flutter and I have a problem with the access token: when I send the token to my backend server, it says "Invalid Compact JWS" (it also happened while developing my React app when I used wrong credentials, but I think that is not the case now).
I think it happens because I use the "demo" scheme, but I don't know how to use another scheme (I understand that demo is not for production).
This is my AuthProvider:
```dart
import 'package:auth0_flutter/auth0_flutter.dart';
import 'package:flutter/foundation.dart';

class AuthProvider extends ChangeNotifier {
  late Auth0 _auth0;
  late String _scheme;
  bool _loading = true;
  Credentials? _credentials;
  UserProfile? _profile;

  AuthProvider(String domain, String clientId, String scheme) {
    _auth0 = Auth0(domain, clientId);
    _scheme = scheme;
    _checkCredentials();
  }

  bool get loading => _loading;
  Credentials? get credentials => _credentials;
  UserProfile? get profile => _profile;
  // Access token that is sent to the backend as the bearer token.
  String get token => _credentials?.accessToken ?? '';
  String get userId => _profile?.sub ?? '';

  // Restores stored credentials, if any, when the provider is created.
  void _checkCredentials() async {
    if (await _auth0.credentialsManager.hasValidCredentials()) {
      _credentials = await _auth0.credentialsManager.credentials();
      if (_credentials != null) _retrieveProfile(_credentials!.accessToken);
    }
    _loading = false;
    notifyListeners();
  }

  // Opens the web login flow using the configured URL scheme.
  void login() async {
    _credentials = await _auth0.webAuthentication(scheme: _scheme).login();
    notifyListeners();
  }

  void logout() async {
    await _auth0.webAuthentication(scheme: _scheme).logout();
    _credentials = null;
    notifyListeners();
  }

  // Fetches the user profile with the given access token.
  void _retrieveProfile(String accessToken) async {
    _profile = await _auth0.api.userProfile(accessToken: accessToken);
  }
}
```
And this is the token that is sent to my backend (it has a different format from the token I have in my web app):