Auth0 JWT Malformed, also token is A256GCM


This is the problem on the backend (Apollo server)


I know i need to provide “audience” but its not helping

verifyToken file

const jwt = require(“jsonwebtoken”);
const jwksClient = require(“jwks-rsa”);

const verifyToken = async (bearerToken) => {
const client = jwksClient({
jwksUri: https://${process.env.AUTH0_DOMAIN}/.well-known/jwks.json,

function getJwksClientKey(header, callback) {
client.getSigningKey(header.kid, function (error, key) {
const signingKey = key.publicKey || key.rsaPublicKey;
callback(null, signingKey);

return new Promise((resolve, reject) => {
audience: process.env.AUDIENCE,
issuer: https://${process.env.AUTH0_DOMAIN}/,
algorithms: [“RS256”],
function (err, decoded) {
if (err) reject(err);

module.exports = { verifyToken };

@dan.woda pls help sir. im stuck on this for a while now…any help will be highly valued.

Hi @pandeysandeep1190,

See this FAQ: Why is my access token not a JWT? (Opaque Token)

Hey @dan.woda , i saw this FAQ, but i dont see how i my apply it to my case… i’m using the getAccessTokenSilently() and passing the token on Apollo server, and it says jwt malformed in the verfifyToken file.
Can you just provide me with a little detail please? I’ve just started using Auth0

Where actually do i need to provide this audience parameter? :grimacing:


This is how im dong it currently

@dan.woda pls help me out, im actually considering to quit Auth0, this is my first experience and its not really good.

Now i got an error saying consent is required


Have you seen this thread?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.