Auth0 Resource Owner Password Flow with JWT Tokens Error

cameron_codes · November 4, 2023, 7:06am

Hi all,

I am working on a project that implements the Resource Owner Password flow from Auth0 with Express, however, I am running into an error.

Here’s the code:

import express, {Request, Response, Express} from "express";
import {auth} from "express-oauth2-jwt-bearer";

require("dotenv").config();

const PORT = process.env.PORT || 8080;

const checkJwt = auth({
    issuer: process.env.AUTH0_ISSUER_BASE_URL,
    audience: process.env.AUTH0_AUDIENCE_URL,
    secret: process.env.SECRET,
    tokenSigningAlg: "HS256"
  });  

const app: Express = express(),
    port = PORT;

app.use(checkJwt);

app.get("/", (req: Request, res: Response) => {
    const auth = req.auth;
    console.log(auth.payload)
    res.json({"status": "Authenticated"});
});

app.listen(port, () => {
    console.log("Server listening on port " + port);
});

After I obtain an access token from Auth0, I try to use it with my own API but receive the following error:

InvalidTokenError: KeyObject or CryptoKey instances for asymmetric algorithms must not be of type "secret"

dan.woda · November 9, 2023, 3:18pm

Hi @cameron_codes,

Welcome to the Auth0 Community!

If you inspect the token (you can do so at jwt.io), what signing algorithm does it use? You should see it in the token header as the alg claim.

system · November 28, 2023, 3:19pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.