Auth0 - Curl works, but fails from Chrome extension

Hi,

I have followed this documentation on implementing backend Auth0 in Python Flask:

When tested from CURL/Python/JavaScript using an access token, it executed well and provided the protected data.

But I needed to access the data from within a Chrome extension. I created the Chrome extension with the help of the following documentation:

https://github.com/auth0-community/auth0-chrome

Also enabled Allow Offline Access in the API settings.

But what I receive is:

jose.exceptions.JWTError: Error decoding token headers.

I need help with the problem.

Regards,
Prith

It sounds as if the Access Token obtained in the Chrome extension is not valid. When doing the curl experiment, you probably used the audience parameter in the authorization request, which indicates the API that you want to access.

In the Chrome Extension sample, make sure to indicate the audience in the options object if you want to use the Access Token to make a request to your own API:

    let options = {
      scope: 'openid offline_access',
      device: 'chrome-extension',
      audience: 'your-API-identifier'
    };

    new Auth0Chrome(env.AUTH0_DOMAIN, env.AUTH0_CLIENT_ID)
      .authenticate(options)
    [...]

Hi Nicolas,

That’s right! I just added the audience parameter and the program worked like a charm.

Does the audience identifier need to be unique? I used the one available in the docs.

Thank you,
Prith

The identifier only needs to be unique within your tenant, as the JWT middleware checks both for the audience identifier (the aud claim) and the issuer (the iss claim, which is https://{your_auth0_domain}) when authorizing access.

1 Like
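A troubleshooting sketch for the failure discussed in this thread, added here as an example (it is not code from the thread, from python-jose or from Auth0). It reports whether a token has JWT structure at all and whether its aud and iss claims match what the API expects. The names `diagnose_token` and `make_sample` are hypothetical, all token and issuer values are constructed, and the signature is deliberately not verified, so it must not be used to authorize requests.

```python
import base64
import json

def _b64url_json(segment):
    """Decode one base64url JWT segment into a dict; raises ValueError if it cannot."""
    padded = segment + "=" * (-len(segment) % 4)
    obj = json.loads(base64.urlsafe_b64decode(padded.encode("ascii")))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def diagnose_token(token, expected_audience, expected_issuer):
    """Report why an API would reject a token. Troubleshooting aid only:
    the signature is NOT verified here, so never use this to authorize."""
    parts = token.split(".")
    if len(parts) != 3:
        return "not-a-jwt"          # no header.payload.signature structure to decode
    try:
        _b64url_json(parts[0])      # the header must decode to a JSON object
        claims = _b64url_json(parts[1])
    except ValueError:
        return "undecodable-jwt"    # three segments, but not base64url-encoded JSON
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]   # aud may be a string or a list
    if expected_audience not in audiences:
        return "aud-mismatch"
    if claims.get("iss") != expected_issuer:
        return "iss-mismatch"
    return "claims-ok-signature-unchecked"

def make_sample(claims):
    """Build a constructed, unsigned JWT-shaped string (demo input only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

# Constructed values; substitute your own API identifier and issuer.
API = "your-API-identifier"
ISS = "https://tenant.example/"

if __name__ == "__main__":
    samples = {
        "no JWT structure": "constructedOpaqueTokenValue",
        "other audience": make_sample({"aud": "https://tenant.example/userinfo", "iss": ISS}),
        "list audience": make_sample({"aud": [API, "https://tenant.example/userinfo"], "iss": ISS}),
        "other issuer": make_sample({"aud": API, "iss": "https://other.example/"}),
    }
    for label, tok in samples.items():
        print(label, "->", diagnose_token(tok, API, ISS))
```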
