Access_token validation between SPA and Machine to machine app

Hi team,

I have 2 applications: 1) Angular SPA, 2) Flask backend.

I am getting the access_token in the response of the Auth0 “oauth/token” endpoint.

When we try to decode that access_token in the Flask app, it gives the error message below:
“authlib.oauth2.rfc6750.errors.InvalidTokenError: invalid_token: The access token provided is expired, revoked, malformed, or invalid for other reasons.”

I checked the access_token on jwt.io; it contains an audience value which is exactly the same as in the Machine to Machine application. Also, the token is not expired.

Not sure what exactly I am missing.

If you are receiving the “invalid_token” error when trying to decode the access_token in your Flask app, there could be a few possible reasons for this issue. Here are some things you can check:

  1. Verify the token expiration: Although you mentioned that the token is not expired, it’s still worth double-checking the expiration time. Make sure that the current time is within the token’s validity period.

  2. Check the token signature: Ensure that the token signature is valid. Any modifications to the token will cause the signature verification to fail.

  3. Validate the token audience: Confirm that the audience value in the token matches the expected audience for your Flask app. The audience indicates who the token is intended for, and if it doesn’t match, the token will be considered invalid.

  4. Verify the token format: Ensure that the access_token is in the correct format for decoding. It should follow the JSON Web Token (JWT) format, consisting of three parts: the header, the payload, and the signature, separated by dots.

  5. Check the token revocation: If the token has been revoked or invalidated on the server side, it will result in an “invalid_token” error. Ensure that the token has not been explicitly revoked or invalidated.

Do let me know how it goes.
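An added example, not from this thread and not Authlib's own code: a standard-library-only diagnostic that runs checks 1 to 4 from the list above against a token and names the first check that fails, which is more useful when debugging than a single “invalid_token” error. It signs a constructed test token with an HS256 secret so it runs offline; Auth0-issued access tokens are normally RS256, so a real Flask app would verify the signature against the tenant's JWKS instead, while the format, expiration and audience checks stay the same.

```python
# Added example: diagnose which JWT validation check fails (format, signature, exp, aud).
# Stdlib only; HS256 with a constructed secret stands in for Auth0's RS256/JWKS signing.
# Check 5 (revocation) needs server-side state and is not covered here.
import base64
import hashlib
import hmac
import json
import time


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_hs256_token(claims: dict, secret: bytes) -> str:
    """Build a constructed test token (not an Auth0 token) for the example."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def diagnose_token(token: str, secret: bytes, expected_aud: str, now=None) -> str:
    """Return 'ok' or the name of the first failing check: format, signature, exp, aud."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:  # check 4: header.payload.signature
        return "format"
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return "format"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return "format"
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the token's choice
        return "signature"
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # check 2: signature over header.payload
        return "signature"
    if "exp" not in claims or now >= claims["exp"]:  # check 1: exp is a Unix timestamp
        return "exp"
    aud = claims.get("aud")  # check 3: aud may be a string or a list of strings
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        return "aud"
    return "ok"
```

Running the diagnostic with the Flask app's configured audience against the exact string the SPA sends tells you whether the audience, the signature key, or the token itself is the mismatch.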