Hi all,
I am working on a project that implements the Resource Owner Password flow from Auth0 with Express, however, I am running into an error.
Here’s the code:
import express, {Request, Response, Express} from "express";
import {auth} from "express-oauth2-jwt-bearer";
require("dotenv").config();
const PORT = process.env.PORT || 8080;
const checkJwt = auth({
issuer: process.env.AUTH0_ISSUER_BASE_URL,
audience: process.env.AUTH0_AUDIENCE_URL,
secret: process.env.SECRET,
tokenSigningAlg: "HS256"
});
const app: Express = express(),
port = PORT;
app.use(checkJwt);
app.get("/", (req: Request, res: Response) => {
const auth = req.auth;
console.log(auth.payload)
res.json({"status": "Authenticated"});
});
app.listen(port, () => {
console.log("Server listening on port " + port);
});
After I obtain an access token from Auth0, I try to use it with my own API but receive the following error:
InvalidTokenError: KeyObject or CryptoKey instances for asymmetric algorithms must not be of type "secret"