Hello,
I’ve used the quickstart scenario for SPA + API. However, my access token remains invalid (according to jwt.io) and therefore my API is also throwing Unauthorized exceptions.
This is my initialization of AuthWeb:
```dart
final Auth0Web _auth0web = Auth0Web("My-Auth0Domain", "My-Auth0ClientId");
return await _auth0web.loginWithRedirect(
  audience: "http://localhost:7145/", // const String.fromEnvironment("auth0audience"),
  redirectUrl: "http://localhost:3000",
);
```
Is there any configuration issue possible in my Application configuration that could cause an invalid access token?
I’m using Flutter SDK: auth0_flutter: ^1.5.0.
Hoping for some guidance on what I could possibly have done wrong.
tyf
March 12, 2024, 1:42am
3
Hey there @mdebruin93 !
Sorry for the delayed response here - Were you ever able to get this sorted? If not, do you mind sharing the specific quickstart? Also, when inspecting network requests do you see the audience param being passed in the initial request to /authorize?
Hey There @tyf ,
I haven’t found a solution yet, unfortunately.
I do see the audience parameter in the initial request.
tyf
March 12, 2024, 4:28pm
5
Thanks for confirming - I am almost positive it is related to this issue:
opened 10:34PM - 30 Nov 23 UTC
closed 03:56PM - 11 Dec 23 UTC
needs investigation
web
### Checklist
- [X] The issue can be reproduced in the [auth0_flutter sample … app](https://github.com/auth0-samples/auth0-flutter-samples/tree/main/sample) (or N/A).
- [X] I have looked into the [Readme](https://github.com/auth0/auth0-flutter/tree/main/auth0_flutter#readme), [Examples](https://github.com/auth0/auth0-flutter/blob/main/auth0_flutter/EXAMPLES.md), and [FAQ](https://github.com/auth0/auth0-flutter/blob/main/auth0_flutter/FAQ.md) and have not found a suitable solution or answer.
- [X] I have looked into the [API documentation](https://pub.dev/documentation/auth0_flutter/latest/) and have not found a suitable solution or answer.
- [X] I have searched the [issues](https://github.com/auth0/auth0-flutter/issues) and have not found a suitable solution or answer.
- [X] I have searched the [Auth0 Community](https://community.auth0.com) forums and have not found a suitable solution or answer.
- [X] I agree to the terms within the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).
### Description
Added audience to login with redirect, in the Chrome network tab I can see two calls to the oauth/token endpoint. The first returns a valid JWT with the audience property, the second returns a blob. It is the second token that is returned by credentials.accessToken.
This is either a bug or the audience parameter needs much better documentation.
### Reproduction
In the flutter sample app, add the audience param to loginWithRedirect
```dart
auth0Web.loginWithRedirect(redirectUrl: 'http://localhost:3000', audience: 'api identifier');
```
Add code to look at the access token returned by credentials.
Launch in a chrome web debug session, inspect the page when the login button comes up.
You will see two token exchange calls - the first returns the expected JWT with the audience property and a valid signature, the second returns an arbitrary token. The token returned by credentials.accessToken matches the second token, not the first.
### Additional context
_No response_
### auth0_flutter version
1.2.0
### Flutter version
3.13.6
### Platform
Web
### Platform version(s)
_No response_
If you specify the audience param in onLoad, you should then get a valid JWT like you are expecting. In the sample app it looks like:
```dart
@override
void initState() {
  super.initState();
  auth0 = widget.auth0 ??
      Auth0(dotenv.env['AUTH0_DOMAIN']!, dotenv.env['AUTH0_CLIENT_ID']!);
  auth0Web =
      Auth0Web(dotenv.env['AUTH0_DOMAIN']!, dotenv.env['AUTH0_CLIENT_ID']!);

  if (kIsWeb) {
    // Pass the API identifier to onLoad as well as to loginWithRedirect.
    auth0Web
        .onLoad(audience: 'https://test-api-endpoint')
        .then((final credentials) => setState(() {
              _user = credentials?.user;
              // Debug output only; credentials may be null, so avoid the `!` assertion.
              print(credentials?.accessToken);
            }));
  }
}
```
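A quick way to tell which of the two token responses described above ended up in credentials.accessToken, as an added example (not part of the thread and not auth0_flutter code): it classifies a token as a three-part JWT or an opaque value and checks the `aud` claim against the API identifier. The function names and sample tokens are constructed for illustration; only the audience value is taken from the sample above. It decodes without verifying the signature, so it is a diagnostic and the API must still perform full validation.

```javascript
// Added diagnostic example. It only DECODES the token; it does not verify
// the signature, issuer or key, which the API must still do.

// Decode one base64url segment to a JSON object, or return null if it is not JSON.
function decodeSegment(segment) {
  try {
    const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
    const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
    const value = JSON.parse(new TextDecoder().decode(bytes));
    return value !== null && typeof value === 'object' ? value : null;
  } catch (_) {
    return null;
  }
}

// Classify an access token and check its `aud` claim against the API identifier.
function inspectAccessToken(token, expectedAudience, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  const header = parts.length === 3 ? decodeSegment(parts[0]) : null;
  const claims = parts.length === 3 ? decodeSegment(parts[1]) : null;
  if (!header || !claims) {
    // Not header.payload.signature with JSON segments: treat as opaque.
    return { kind: 'opaque', audienceOk: false, expired: null, claims: null };
  }
  // `aud` may be a single string or an array of strings (RFC 7519).
  const audiences = [].concat(claims.aud ?? []);
  return {
    kind: 'jwt',
    audienceOk: audiences.includes(expectedAudience),
    expired: typeof claims.exp === 'number' ? claims.exp <= nowSeconds : null,
    claims,
  };
}

// Constructed sample tokens (not real credentials).
function makeSampleJwt(claims) {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}
const SAMPLE_JWT = makeSampleJwt({
  aud: ['https://test-api-endpoint', 'https://constructed.example/userinfo'],
  exp: 2000000000,
});
const SAMPLE_OPAQUE = 'constructed-opaque-token-value';

console.log(inspectAccessToken(SAMPLE_JWT, 'https://test-api-endpoint').kind);
console.log(inspectAccessToken(SAMPLE_OPAQUE, 'https://test-api-endpoint').kind);
```

A result of `opaque`, or `audienceOk: false`, for the token the app actually sends is consistent with the Unauthorized responses from the API.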
Hey @tyf ,
Thank you for your response. That indeed fixed my issue.
I do still think, however, that you should update your documentation.
Also, the scenario of SPA + API seems to be outdated as this still points to rules whereas, according to the dashboard, this is deprecated in favor of actions.
tyf
March 16, 2024, 1:04am
7
Awesome, thanks for confirming! Agreed, always appreciate the feedback