AccessToken validation guard

eugenez · October 11, 2021, 2:34pm

I created a validation guard like this Auth0 Node (Express) API SDK Quickstarts: Authorization, but encountered two interesting moments.

In case when the token is expired I still getting a valid response.
I can send idToken instead of accessToken and the response is still valid
Is this correct behavior or I am doing something wrong?

dan.woda · October 11, 2021, 7:26pm

You should not get a valid response from a protected endpoint in either of these scenarios. Something is likely configured incorrectly.

system · December 23, 2021, 5:02pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can i check within my iOS (Swift) app, if my idToken has expired? Help ios , idtoken	2	7684	March 2, 2018
Id_token expiration check Help jwt , id_token , expiration	3	4525	April 22, 2022
How to find out why id_token is not valid? Help id_token , not-working	3	5826	March 2, 2018
How does authorization work with an API and an SPA Help auth0 , java , react	8	4171	April 9, 2019
Id_token expiry/correct use of access token JWT.io	3	4246	August 9, 2019