Auth0 access token is missing the JWS payload


The access token issued by Auth0 is missing the middle part. It is a JWT token and JWT tokens are made of three parts and the part called JWS payload is missing.

The token looks something like this:
QAIOPJhbGciOiJkaXwwiLCJlbmMiOiJBMjU2R0NNIiwiaXNzIjoiaHR0cHM6LPOPOIhc2VlLXNzby1wb2MuZXUuYXV0aDAuY29tLyJ9…DHomwSRXYQAcRm4q.KcqMl50fHTADADydfmRWf2vvSr_QaBpc8c_Smks5G8MlfWytuTd0paeBYxC3wojPY4hn0BarpN3qv4DDFREq1uGGZGkhWs0Pc67Hke3XndebV165ie9MtH5w1flLq_1pAh0PLOIY6a79yE_oT5jXrjw1vIgK1v4poS7kYsCC8. You can see there is a “…” part there which should be the payload.

What could be the issue?

I am logging in my users via React SDK and I am using Google as the social provider (Auth0 React SDK for Single Page Apps). The JSW payload was missing before and is still missing after I set up my project in the Google Console.

Hi @sarunas.marozas1,

Welcome to the Auth0 Community!

I understand you are seeing a malformed JWT.

Can you please send me a sample token you are receiving in a DM?


Can we do something about this? I re-checked the app settings several times and even started to use google’s social production keys. But still the JWS payload is missing. I can not validate the tokens in my API.

I responded in the DM, we can work through it there until we find a resolution.

This was resolved in a DM. The JWT being returned was an encrypted token (JWE).

By passing an audience parameter it is possible to return an unencrypted JWT.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.