Bear with me, new to Auth0/authentication flow.
I have a .NET Core Web API that I need to authenticate with so that I can internally run integration tests (from the .NET Core Web API App) involving endpoints. I have setup a development account w/ Auth0 with a development application “Development App”, a Machine to Machine app type, and a development endpoint “Development API”.
I have configured the web api to authorize on my endpoints using JWT tokens received from Auth0 and am successfully receiving JWT tokens from Auth0. However, whenever I try to access my endpoints, all my tests fail from a Bad Request error ( Bad Request : Request to url http://myapp.com:5000/api/myEndpoint Return status Unauthorized Response Content).
I try to access the endpoint through Postman and I receive the following error: Bearer error=“invalid_token”, error_description=“The issuer ‘https://dev-api.eu.auth0.com/’ is invalid”.
Not sure what I’m doing wrong. . .I am posting my requests to https://dev-api.eu.auth0.com/oauth/token and passing in the following key/value set:
ClientSecret = DevAppSecret
ClientId = DevAppClientID
Username = Auth0User
Password = Auth0PW
GrantType = password
Scope = openid
Not sure if it matters, but I have my audience set to “https://dev-api.eu.auth0.com/api/v2”. Updating this post after a response from @glorat. I have been testing the tokens received from Auth0 in JWT.io. . .the token I receive back contains an Access Token and an ID token. I’ve tried both tokens in the token verifier. The access token contains a valid signature, however the ID token does not. Not sure if this makes a difference.
I also tried to ping my endpoint in Postman with the Access Token instead of the ID Token, and I get the following error: Bearer error=“invalid_token”, error_description=“The signature key was not found”
Any assistance would be greatly appreciated, and thanks in advance!