Auth0 Home Blog Docs

API Quickstart error: "UnauthorizedError: secret or public key must be provided"



I tried to get the API quickstart working. Copy pasted it unchanged. When I try to validate a request I get “UnauthorizedError: secret or public key must be provided”

I’m sending the idToken I get when I log in like this:

		$.ajax('/api/v1/users', {
			headers: {
				Authorization: `Bearer ${idToken}`

Any idea what I’m doing wrong?

  • What API Quickstart are you using?
  • Is your API configured for RS256 or HS256 tokens?
  • Have you added the relevant validation code in your API?
  • API authorization features use the access_token, rather than id_token:

  • I’m using the NodeJS API quickstart.
  • It is using RS256 as the Quickstart suggests.
  • What is relevant validation code? I’ve done everything in the Quickstart.
  • I’m a little confused about access vs id tokens here. I poked around a bit more and added an audience to my lock, and it gave back an access token that is JWT this time. However, using this still gives me a “secret or public key must be provided” error.


I figured it out. It’s very stupid, but I’ll post it here for posterity. One of my other node_modules was including the Collections node package, which had a shim which over-wrote the Array.find prototype with non-canonical behavior. This was causing an array.find in jwks-rsa to fail to work with the posted error.


How did you find the node module causing this issue? I am having the same problem now and I am thinking it could be related to a module I added…?