Auth0 token not RS256

I am working on a project which uses Django backend and ReactJS frontend. I had initially build my own authentication system but now, I want to replace that with auth0. I have followed the following docs to integrate auth0:

ReactJS: Auth0 React SDK Quickstarts: Add Login to your React App

Django: Auth0 Django API SDK Quickstarts: Authorization


In the frontend, after user logins, I am trying to get the access token by using the getAccessTokenSilently() function. I have observed that the obtained token has empty payload and the “alg” is “dir” instead of “RS256”. How can I resolve this?

ReactJS Code:

function App() {
  const {
    loginWithRedirect,
    user,
    isAuthenticated,
    isLoading,
    getAccessTokenSilently,
  } = useAuth0();

  useEffect(async () => {
    if (isAuthenticated && !isEmpty(user)) {
      let token = await getAccessTokenSilently({});
      console.log('token', token);
    }
  }, [isAuthenticated, user]);

  if (!isLoading && !isAuthenticated) {
    return loginWithRedirect();
  }

  if (isLoading || !apolloClient) {
    return (
      <>
        <p>Loading...</p>
      </>
    );
  }

  return (
    <>
      <p>APP</p>
    </>
  );
}

function AppWrapper() {
  return (
    <Provider store={store}>
      <BrowserRouter>
        <Auth0Provider
          domain={process.env.AUTH0_DOMAIN}
          clientId={process.env.AUTH0_CLIENT_ID}
          redirectUri={window.location.origin}
        >
          <Alerts />
          <App />
        </Auth0Provider>
      </BrowserRouter>
    </Provider>
  );
}

ReactDOM.render(<AppWrapper />, document.getElementById("root"));

Sample JWT:

eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiwiaXNzIjoiaHR0cHM6Ly9ldmVyeXRoaW5nLWFwcC1kZXYudXMuYXV0aDAuY29tLyJ9..6M2OeYCgUNEDULy4.8AfbjO1U0bDFucPF0AZYoZ0v8c1Qv5SNfOIuiPk4x-8Q3o0ib5SRNwukMIbrXIdG8Va_HCRTMg5cJET0jFk2tD2eGlGh2mp7uiGoWP1w_VZUKPxeW3ZZxJie8nxm1447TWXZ7C0WemLllD5maZRX96aOh3dcAUF-Ue42whZI9jXd0khtfY9cWssp7w-cB3CNCCEXDLeorgkp8k-jIO1qUWVC5bIGmKryy_zZf6TbTAtb-dO10v04WT0g-r70Ha3UIeiezCY2fY77dyAr7f8EhXRHQA5UL871VwpgWB1dzUGCW29gwaZNnJEBiF3y-voBhMCvOxXnkDBYNNCNrLs.t4LCOCfMcHdLrfFFNYP8uQ

Screenshot from jwt.io

Screenshot of Auth0 application settings:


I intend to use this access token when making backend API calls. As per the jwt_decode_token code snippet, I should be getting kid in the jwt payload which is not happening.

1 Like

Hi @SreekarMouli98,

Welcome to the Auth0 Community!

It looks like you are seeing an encrypted token instead of a JWT. This because you are not passing an audience parameter to auth0 with the request to authorize.

This FAQ explains the difference between the tokens and links to resources explaining how to get a JWT token.