I am working on a project which uses a Django backend and a ReactJS frontend. I had initially built my own authentication system, but now I want to replace that with Auth0. I have followed the following docs to integrate Auth0:
ReactJS: Auth0 React SDK Quickstarts: Add Login to your React App
Django: Auth0 Django API SDK Quickstarts: Authorization
In the frontend, after the user logs in, I am trying to get the access token by using the getAccessTokenSilently() function. I have observed that the obtained token has an empty payload and the “alg” is “dir” instead of “RS256”. How can I resolve this?
ReactJS Code:
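import React, { useEffect } from "react";
import ReactDOM from "react-dom";
import { Provider } from "react-redux";
import { BrowserRouter } from "react-router-dom";
import { Auth0Provider, useAuth0 } from "@auth0/auth0-react";
// store, Alerts, apolloClient and isEmpty are defined elsewhere in the project (not shown).

function App() {
  const {
    loginWithRedirect,
    user,
    isAuthenticated,
    isLoading,
    getAccessTokenSilently,
  } = useAuth0();

  // Fetch the access token once the user is authenticated.
  // The effect callback itself must not be async, so the async work lives in an inner function.
  useEffect(() => {
    const fetchToken = async () => {
      if (isAuthenticated && !isEmpty(user)) {
        const token = await getAccessTokenSilently({});
        console.log('token', token);
      }
    };
    fetchToken();
  }, [isAuthenticated, user]);

  // Send unauthenticated users to the login page; render nothing while redirecting.
  if (!isLoading && !isAuthenticated) {
    loginWithRedirect();
    return null;
  }

  if (isLoading || !apolloClient) {
    return (
      <>
        <p>Loading...</p>
      </>
    );
  }

  return (
    <>
      <p>APP</p>
    </>
  );
}

function AppWrapper() {
  return (
    <Provider store={store}>
      <BrowserRouter>
        <Auth0Provider
          domain={process.env.AUTH0_DOMAIN}
          clientId={process.env.AUTH0_CLIENT_ID}
          redirectUri={window.location.origin}
        >
          <Alerts />
          <App />
        </Auth0Provider>
      </BrowserRouter>
    </Provider>
  );
}

ReactDOM.render(<AppWrapper />, document.getElementById("root"));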
Sample JWT:
eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiwiaXNzIjoiaHR0cHM6Ly9ldmVyeXRoaW5nLWFwcC1kZXYudXMuYXV0aDAuY29tLyJ9..6M2OeYCgUNEDULy4.8AfbjO1U0bDFucPF0AZYoZ0v8c1Qv5SNfOIuiPk4x-8Q3o0ib5SRNwukMIbrXIdG8Va_HCRTMg5cJET0jFk2tD2eGlGh2mp7uiGoWP1w_VZUKPxeW3ZZxJie8nxm1447TWXZ7C0WemLllD5maZRX96aOh3dcAUF-Ue42whZI9jXd0khtfY9cWssp7w-cB3CNCCEXDLeorgkp8k-jIO1qUWVC5bIGmKryy_zZf6TbTAtb-dO10v04WT0g-r70Ha3UIeiezCY2fY77dyAr7f8EhXRHQA5UL871VwpgWB1dzUGCW29gwaZNnJEBiF3y-voBhMCvOxXnkDBYNNCNrLs.t4LCOCfMcHdLrfFFNYP8uQ
Screenshot from jwt.io
Screenshot of Auth0 application settings:
I intend to use this access token when making backend API calls. As per the jwt_decode_token code snippet, I should be getting kid in the JWT payload, which is not happening.
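The sample token in the post has five dot-separated segments with an empty second one, which is the JWE compact form rather than a signed three-segment JWT. The following is an added example, not part of the original post or of any Auth0 SDK, that classifies a token by its shape and header before it is handed to an RS256 verifier. The helper names and both sample tokens are constructed for illustration, and the code assumes Node.js (it uses Buffer).

```javascript
// Added example (not from the original post). Runs under Node.js (uses Buffer).
// classifyToken, b64urlDecode and b64urlEncode are hypothetical helper names.

// Decode one base64url segment to a UTF-8 string.
function b64urlDecode(segment) {
  return Buffer.from(segment.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf8");
}

// Encode a header/payload object as base64url; used only to build the samples below.
function b64urlEncode(obj) {
  return Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Classify a compact-serialized token by segment count and protected header.
function classifyToken(token) {
  const parts = String(token).split(".");
  let header;
  try {
    header = JSON.parse(b64urlDecode(parts[0]));
  } catch (err) {
    header = null; // first segment is not a JSON header
  }
  if (header === null || typeof header !== "object") {
    return { format: "opaque", alg: null, enc: null, kid: null, usableAsRs256Jwt: false };
  }
  const alg = header.alg ?? null;
  const kid = header.kid ?? null;
  if (parts.length === 5 && header.enc) {
    // JWE: header.encrypted_key.iv.ciphertext.tag. With alg "dir" the encrypted_key
    // segment is empty, so a JWS-oriented debugger displays an empty payload.
    return { format: "JWE", alg, enc: header.enc, kid, usableAsRs256Jwt: false };
  }
  if (parts.length === 3) {
    // JWS: header.payload.signature. The backend check described in the post
    // expects alg RS256 and a kid to select the verification key.
    const usable = alg === "RS256" && typeof kid === "string";
    return { format: "JWS", alg, enc: null, kid, usableAsRs256Jwt: usable };
  }
  return { format: "opaque", alg, enc: null, kid, usableAsRs256Jwt: false };
}

// Constructed samples (not real tokens): the shape seen in the post, and a signed JWT.
const SAMPLE_JWE = `${b64urlEncode({ alg: "dir", enc: "A256GCM" })}..aXY.Y2lwaGVydGV4dA.dGFn`;
const SAMPLE_JWS = [b64urlEncode({ alg: "RS256", typ: "JWT", kid: "constructed-kid" }),
  b64urlEncode({ sub: "constructed-user" }), "c2ln"].join(".");

console.log(classifyToken(SAMPLE_JWE));
console.log(classifyToken(SAMPLE_JWS));
```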