Auth0.js V9 returns invalid token altrough user info are parsed correctly

giovannilaperna · January 28, 2023, 1:27pm

I’ve an application with custom gateway passwordless connection and RS256 JSON Web Token (JWT) Signature Algorithm
On my application I’m authenticatin with Classic Universal Login Experience correctly. I get a valid token
I’m now trying to migrate to auth0.js V9 and I get something unexpected:
the user info is parsed correcly however the accessToken is invalid

This function correclty log the user info

webAuth.parseHash({ hash }, function(err, authResult) {
  if (err) {
    return console.log('err', err);
  }
  webAuth.client.userInfo(authResult.accessToken, function(err, user) {
    if (err) {
      console.log('err', err)
    }
    else {
      console.log('user', user)
    }
  })
})

this function logs the error jwt malformed

import jwt from 'jsonwebtoken'

jwt.verify(token, process.env.AUTH0_SIGNING_CERTIFICATE, { algorithms: ['RS256'] }, (err, decoded) => {
  if (err) {
    console.log('err', err)
  }
  else {
    console.log('decoded', decoded)
  }
})

and if I check the token on jwt.io I get Invalid Signature.

What can be the reason?

dan.woda · January 31, 2023, 3:27pm

Hi @giovannilaperna,

I would suggest starting with this FAQ:

giovannilaperna · January 31, 2023, 6:26pm

Thank you!
Resolved setting the audience property.

system · February 14, 2023, 6:26pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.