Auth0 access token is missing the JWS payload

Hi,

The access token issued by Auth0 is missing the middle part. It is a JWT token and JWT tokens are made of three parts and the part called JWS payload is missing.

The token looks something like this:
QAIOPJhbGciOiJkaXwwiLCJlbmMiOiJBMjU2R0NNIiwiaXNzIjoiaHR0cHM6LPOPOIhc2VlLXNzby1wb2MuZXUuYXV0aDAuY29tLyJ9…DHomwSRXYQAcRm4q.KcqMl50fHTADADydfmRWf2vvSr_QaBpc8c_Smks5G8MlfWytuTd0paeBYxC3wojPY4hn0BarpN3qv4DDFREq1uGGZGkhWs0Pc67Hke3XndebV165ie9MtH5w1flLq_1pAh0PLOIY6a79yE_oT5jXrjw1vIgK1v4poS7kYsCC8. You can see there is a “…” part there which should be the payload.

What could be the issue?

I am logging in my users via React SDK and I am using Google as the social provider (Auth0 React SDK for Single Page Apps). The JSW payload was missing before and is still missing after I set up my project in the Google Console.

Hi @sarunas.marozas1,

Welcome to the Auth0 Community!

I understand you are seeing a malformed JWT.

Can you please send me a sample token you are receiving in a DM?

Hey,

Can we do something about this? I re-checked the app settings several times and even started to use google’s social production keys. But still the JWS payload is missing. I can not validate the tokens in my API.

I responded in the DM, we can work through it there until we find a resolution.

This was resolved in a DM. The JWT being returned was an encrypted token (JWE).

By passing an audience parameter it is possible to return an unencrypted JWT.

3 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.