Auth0 - Curl works, but fails from Chrome extension

world.binary · November 9, 2018, 3:15pm

Hi,

I have followed this documentation on implementing backend Auth0 in Python Flask:

When tested from CURL/Python/JavaScript using access token - it executed well and provided the protected data.

But I needed to access the data from within a chrome extension. I created the chrome extension with the help of the following documentation:

https://github.com/auth0-community/auth0-chrome

Also enabled Allow Offline Access in the API settings.

But what I receive is:

jose.exceptions.JWTError: Error decoding token headers.

I need help with the problem.

Regards,
Prith

nicolas_sabena · November 11, 2018, 6:47pm

It sounds as if the Access Token obtained in the Chrome extension is not valid. When doing the curl experiment, you probably used the audience parameter in the authorization request, which indicates the API that you want to access.

In the Chrome Extension sample, make sure to indicate the audience in the options object if you want to use the Access Token to make a request to your own API:

    let options = {
      scope: 'openid offline_access',
      device: 'chrome-extension',
      audience: 'your-API-identifier'
    };

    new Auth0Chrome(env.AUTH0_DOMAIN, env.AUTH0_CLIENT_ID)
      .authenticate(options)
    [...]

world.binary · November 12, 2018, 8:53am

Hi Nicolas,

That’s right! I just added the audience parameter and the program worked like charm.

Does the audience identifier need to be unique? I used the one available in the docs.

Thank you,
Prith

nicolas_sabena · November 12, 2018, 10:26am

The identifier only needs to be unique within your tenant, as the JWT middleware check both for the audience identifier (the aud claim) and the issuer (the iss claim, which is https://{your_auth0_domain}) when authorizing access.

system · December 12, 2018, 10:26am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.