Our Authorisation just started failing when trying to verify users internally in the system.
We’ve been logging in via an SPA application to get an access token. We’ve then been using the header of that request to get the “kid” which we’ve been using to decode the token internally within our backend.
Today the access token stopped containing the kid header which means that we can no longer decode it.
We’ve not made any changes to our Auth0 configuration lately and this started failing simultaneously on all of our environments.
Has the Auth0 login process changed somehow that means that the access tokens are generated in a different way?