Access token does not contain the necessary claims

```ts
const accessToken = await getAccessToken();
```
The access token that is returned does not contain any claims in its payload. We need it to contain the claims shown in the examples on this page.

All that is contained in the token we are getting is
```
{
  "alg":
  "enc":
  "iss":
}
```

Here is the middleware code:
```ts
import {
  withMiddlewareAuthRequired,
  getSession,
  getAccessToken,
} from "@auth0/nextjs-auth0/edge";
import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";

export default withMiddlewareAuthRequired(async function middleware(
  req: NextRequest,
) {
  // Retrieve the Auth0 session token from the request.
  const res = NextResponse.next();
  const session = await getSession(req, res);
  // const accessToken = await getAccessToken();

  const accessToken = await getAccessToken(req, res, {
    scopes: ["openid", "profile", "email"],
  });

  console.log("accessToken: ", accessToken);

  if (!session) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  console.log("session: ", session);

  // Access API key from server-only env variable
  const apiKey = process.env.NEXT_API_KEY;

  if (!apiKey) {
    return NextResponse.json(
      { error: "Internal Server Error: API Key Missing" },
      { status: 500 },
    );
  }

  // Clone request headers and attach the Authorization token
  const requestHeaders = new Headers(req.headers);
  requestHeaders.set("Authorization", `Bearer ${session.accessToken}`);
  requestHeaders.set("X-API-KEY", apiKey);

  return NextResponse.next({
    request: {
      headers: requestHeaders,
    },
  });
});
```

Hi @micahcb

Welcome to the Auth0 Community!

Thank you for posting your question. Can you check if your application sends the audience inside the authorization request? I suspect you receive the opaque token used only for the /userinfo endpoint.

Thanks
Dawid
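
A way to run the check suggested in the reply above, as an added example that is not part of the thread or of the Auth0 SDK: it classifies a returned access token as a readable JWT, an encrypted JWE (a header carrying `enc`, like the one in the question), or an opaque string, and checks an `/authorize` URL for the `audience` parameter. The function names, tenant and API URLs, and both sample tokens are constructed for illustration.

```typescript
// Added example (not from the thread): diagnose which kind of access token came back.
// Diagnostic only: nothing here verifies a signature or decrypts anything.
type Json = Record<string, unknown>;
type TokenReport = { kind: "jwt" | "jwe" | "opaque"; header?: Json; claims?: Json; hasAudience: boolean };

// Decode one base64url segment as a JSON object; undefined if it is not one.
function decodeSegment(seg: string): Json | undefined {
  try {
    const b64 = seg.replace(/-/g, "+").replace(/_/g, "/");
    const parsed = JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
    return parsed !== null && typeof parsed === "object" ? (parsed as Json) : undefined;
  } catch {
    return undefined;
  }
}

function inspectAccessToken(token: string): TokenReport {
  const parts = token.split(".");
  const header = parts.length >= 3 ? decodeSegment(parts[0]) : undefined;
  // JWE compact form (RFC 7516): five segments, header has "enc"; payload is ciphertext.
  if (parts.length === 5 && header && "enc" in header) {
    return { kind: "jwe", header, hasAudience: false };
  }
  // JWS compact form (RFC 7515): header.payload.signature with readable claims.
  if (parts.length === 3 && header) {
    const claims = decodeSegment(parts[1]);
    if (claims) return { kind: "jwt", header, claims, hasAudience: "aud" in claims };
  }
  return { kind: "opaque", hasAudience: false };
}

// True when an /authorize URL carries a non-empty `audience` query parameter.
function authorizeRequestHasAudience(authorizeUrl: string): boolean {
  return (new URL(authorizeUrl).searchParams.get("audience") ?? "").length > 0;
}

// Constructed samples (placeholder tenant and API names, dummy signature/ciphertext).
const b64url = (o: object): string =>
  btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE_JWE = `${b64url({ alg: "dir", enc: "A256GCM", iss: "https://tenant.example/" })}..aXY.Y2lwaGVy.dGFn`;
const SAMPLE_JWT = [
  b64url({ alg: "RS256", typ: "JWT" }),
  b64url({ iss: "https://tenant.example/", aud: "https://api.example/", scope: "openid profile email" }),
  "c2ln",
].join(".");

console.log(inspectAccessToken(SAMPLE_JWE).kind, inspectAccessToken(SAMPLE_JWT).claims);
```

A `jwe` or `opaque` result together with `authorizeRequestHasAudience(...) === false` matches the situation the reply describes; a resource server must still validate the signature, issuer and audience of any JWT it accepts.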
