
Access token fails validation

#1

I’m evaluating if I can migrate my service to use auth0 for authentication. Right now I’m stuck at letting my API validate the access tokens. It fails with: “The Token’s Signature resulted invalid when verified using the Algorithm: SHA256withRSA”

I hope I’ve written down all the relevant clues here:

Settings
I have one app with the auth domain: myapp.eu.auth0.com (uses RS256, haven’t changed advanced settings)
I have one custom api with the domain: api.mydomain.com (uses RS256 and can’t be changed)

Login
I use the auth0 lock with relevant config:

new Auth0Lock(
  'the app client id',
  'the app domain',
  {
    auth: {
      responseType: 'token id_token',
      params: {
        scope: 'openid'
      },
      audience: 'the api domain'
    }
  }
)

I get two JWTs that can be viewed on jwt.io.

Verify
Backend is written in Scala so I use the java libs:

"com.auth0" % "java-jwt" % "3.4.1",
"com.auth0" % "jwks-rsa" % "0.6.1",

import java.security.interfaces.RSAKey
import java.util.concurrent.TimeUnit
import com.auth0.jwk.JwkProviderBuilder
import com.auth0.jwt.JWT
import com.auth0.jwt.algorithms.Algorithm

val token = "valid jwt"
// Fetch the tenant's signing keys, caching them and rate limiting calls to the JWKS endpoint
val provider = new JwkProviderBuilder("https://myapp.eu.auth0.com/.well-known/jwks.json")
  .cached(10, 24, TimeUnit.HOURS)
  .rateLimited(50, 1, TimeUnit.MINUTES)
  .build()

// Decode without verifying to read the `kid` header, then look up that key
val jwt = JWT.decode(token)
val jwk = provider.get(jwt.getKeyId)
val algo = Algorithm.RSA256(jwk.getPublicKey.asInstanceOf[RSAKey])

algo.verify(jwt) // throws SignatureVerificationException

Can anyone spot the error? I’m not sure if the private key is supposed to be used somehow, but from what I could tell it’s only used when signing new tokens?
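For comparison, here is an added example (not the poster's code) of the same validation done through java-jwt's verifier rather than a bare `algo.verify`. It goes beyond the snippet above in that it also checks `iss`, `aud` and the time claims, which is what an API should do before trusting an access token: a correctly signed token minted for a different API or tenant must still be rejected. It assumes the library versions from the post, and `auth0Domain`, `expectedAudience` and `verifyAccessToken` are names chosen for this example; the audience string must match the API identifier configured in Auth0, and the builder is given the bare tenant domain because jwks-rsa appends `/.well-known/jwks.json` itself.

```scala
import java.security.interfaces.{RSAPrivateKey, RSAPublicKey}
import java.util.concurrent.TimeUnit

import com.auth0.jwk.{JwkException, JwkProviderBuilder}
import com.auth0.jwt.JWT
import com.auth0.jwt.algorithms.Algorithm
import com.auth0.jwt.exceptions.JWTVerificationException
import com.auth0.jwt.interfaces.{DecodedJWT, RSAKeyProvider}

// Constructed placeholders (example only): the tenant domain from the post and
// the API identifier used as `audience` in the Lock config.
val auth0Domain = "myapp.eu.auth0.com"
val expectedIssuer = s"https://$auth0Domain/" // Auth0 issues `iss` with a trailing slash
val expectedAudience = "api.mydomain.com"

// One provider per process: caches up to 10 keys for 24h and allows at most
// 50 JWKS fetches per minute, so a flood of unknown `kid` values cannot turn
// every request into a network round trip.
val jwkProvider = new JwkProviderBuilder(auth0Domain)
  .cached(10, 24, TimeUnit.HOURS)
  .rateLimited(50, 1, TimeUnit.MINUTES)
  .build()

// Let the verifier resolve the key from the token's `kid` header itself.
// Verification only needs the public key; the private-key members return null.
val keyProvider = new RSAKeyProvider {
  override def getPublicKeyById(keyId: String): RSAPublicKey =
    jwkProvider.get(keyId).getPublicKey.asInstanceOf[RSAPublicKey]
  override def getPrivateKey: RSAPrivateKey = null
  override def getPrivateKeyId: String = null
}

// Signature, issuer, audience and exp/nbf/iat (with 10 seconds of clock skew)
// are all enforced by a single verify call.
val verifier = JWT.require(Algorithm.RSA256(keyProvider))
  .withIssuer(expectedIssuer)
  .withAudience(expectedAudience)
  .acceptLeeway(10)
  .build()

// Returns the validated claims, or a reason string the API can log.
// JwkException covers a `kid` that is not in the tenant's JWKS, which the
// provider raises before java-jwt ever gets to the signature check.
def verifyAccessToken(token: String): Either[String, DecodedJWT] =
  try Right(verifier.verify(token))
  catch {
    case e: JWTVerificationException => Left(s"token rejected: ${e.getMessage}")
    case e: JwkException             => Left(s"signing key lookup failed: ${e.getMessage}")
  }
```

The verifier is built once and reused for every request; `verify` is the per-request call. Keeping the `Left` branch for both exception types matters because an unknown `kid` surfaces as a `JwkException` from the provider, not as a `SignatureVerificationException`, and an uncaught lookup error would otherwise turn a bad token into a 500 instead of a 401.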

#2

Hey there @durre, can you share all the libraries you are leveraging on the backend? Seems like someone ran into a similar issue here. Any additional details you can give to better understand the challenge are appreciated. Thanks in advance!

#3

Hi @James.Morrison!

You helped me find the error, sort of. :slight_smile: Long story short: one of my unit tests was designed to fail the verification. I mistook that error for the error that made my valid token fail, leading me down the wrong path.

As usual it’s an embarrassing mistake :slight_smile:

#5

I’m glad you were able to get it resolved. Be sure to swing back by if you have any additional questions in the future. Thanks!
