Auth0 token obtained through nextjs-auth0 SDK in Nextjs is valid in local environment, but invalid when deployed on AWS

  • Which SDK this is regarding: nextjs-auth0
  • SDK Version: v1.5.0
  • Platform Version: Node v14.6.1
  • Code Snippets/Error Messages/Supporting Details/Screenshots:
    Hey, my issue is this: I have a Next.js project that is linked to an Express backend. Using the nextjs-auth0 SDK, a JWT token is obtained using the getAccessToken() function in the package. This is done with the API functionality of Next.js. The JWT is then sent to the Express backend along with any and all HTTP requests, which will then be checked and validated on the Express backend. This process works flawlessly in the local environment, with the appropriate middleware in Express rejecting any requests without a token and allowing ones with a token through. HOWEVER, when deployed on AWS, the token obtained by Next.js is always invalid, thus causing valid user logins to always not be able to access data from the backend.

All appropriate environment variables have been declared, and there doesn’t seem to be anything missing, yet this problem still persists.

Nextjs API where token is obtained

import { NextApiRequest, NextApiResponse } from 'next'
import { getAccessToken, withApiAuthRequired } from '@auth0/nextjs-auth0'

export default withApiAuthRequired(async function User(
  req: NextApiRequest,
  res: NextApiResponse
) {
  const { accessToken } = await getAccessToken(req, res)
  console.log(accessToken)
  if (req.method === 'GET') {
    const response = await fetch(
      `${process.env.NEXT_PUBLIC_API_URL}/api/users/${req.query.userId}`,
      {
        headers: {
          Authorization: `Bearer ${accessToken}`
        }
      }
    )
    const data = await response.json()
    res.status(200).json(data)
  } else {
    const response = await fetch(
      `${process.env.NEXT_PUBLIC_API_URL}/api/users/${req.query.userId}`,
      {
        body: JSON.stringify(req.body),
        headers: {
          'Content-Type': 'application/json',
          Authorization: `Bearer ${accessToken}`
        },
        method: 'PUT'
      }
    )
    const data = await response.json()
    console.log(data)
    res.status(200).json(data)
  }
})

Middleware on Express validating JWTs

const jwt = require("express-jwt");
const jwks = require("jwks-rsa");
const jwtAuthz = require("express-jwt-authz");
const dotenv = require("dotenv-safe");

dotenv.config();
const jwtCheck = jwt({
  secret: jwks.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: `https://${process.env.AUTH0_DOMAIN}/.well-known/jwks.json`,
  }),
  audience: process.env.AUTH0_AUDIENCE,
  issuer: `https://${process.env.AUTH0_DOMAIN}/`,
  algorithms: ["RS256"],
}).unless(ROUTES);
// unless is an array of public routes that are whitelisted from JWT middleware checks

module.exports = jwtCheck;

Have you compared the JWTs you get from local and deployed? Are they identical? You can easily decode them with jwt.io.
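
The comparison suggested in the reply above can also be done offline, without pasting tokens into a website. The following is an added example, not part of the original thread or of any Auth0 SDK: it decodes two tokens without verifying the signature and reports which of the checks configured in the Express middleware (algorithm, issuer, audience, plus the standard expiry check) each would fail. The helper names, the `tenant.example` and `api.example` values and the sample tokens are constructed for illustration.

```javascript
// Decode one base64url JWT segment (header or payload) into an object.
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/')
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'))
}

// Report which claim checks a token would fail. The signature is NOT verified.
function inspectToken(token, expected, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.')
  if (parts.length !== 3) return { jwt: false, problems: ['not a three-part JWT'] }
  let header, payload
  try {
    header = decodeSegment(parts[0])
    payload = decodeSegment(parts[1])
  } catch (e) {
    return { jwt: false, problems: ['header or payload is not base64url JSON'] }
  }
  const aud = [].concat(payload.aud || []) // aud may be a string or an array
  const problems = []
  if (header.alg !== expected.algorithm) problems.push(`alg ${header.alg} != ${expected.algorithm}`)
  if (payload.iss !== expected.issuer) problems.push(`iss ${payload.iss} != ${expected.issuer}`)
  if (!aud.includes(expected.audience)) problems.push(`aud [${aud}] lacks ${expected.audience}`)
  if (typeof payload.exp === 'number' && payload.exp <= now) problems.push('token expired')
  return { jwt: true, kid: header.kid, iss: payload.iss, aud, exp: payload.exp, problems }
}

// Decode both tokens and list the fields that differ between the two environments.
function compareTokens(localToken, deployedToken, expected, now) {
  const local = inspectToken(localToken, expected, now)
  const deployed = inspectToken(deployedToken, expected, now)
  const differing = ['jwt', 'kid', 'iss', 'aud'].filter(
    k => JSON.stringify(local[k]) !== JSON.stringify(deployed[k]))
  return { local, deployed, differing }
}

// Constructed sample tokens with a fake signature, so the example runs offline.
function makeToken(header, payload) {
  const enc = o => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
  return `${enc(header)}.${enc(payload)}.constructed-signature`
}
// Assumed values standing in for AUTH0_DOMAIN / AUTH0_AUDIENCE on the backend.
const expected = { algorithm: 'RS256', issuer: 'https://tenant.example/', audience: 'https://api.example' }
const sampleLocal = makeToken({ alg: 'RS256', kid: 'k1' },
  { iss: 'https://tenant.example/', aud: ['https://api.example'], exp: 2000000000 })
const sampleDeployed = makeToken({ alg: 'RS256', kid: 'k1' },
  { iss: 'https://tenant.example/', aud: 'https://tenant.example/userinfo', exp: 2000000000 })
console.log(JSON.stringify(compareTokens(sampleLocal, sampleDeployed, expected, 1700000000), null, 2))
```

The output contains only decoded claims and the failed checks, so it can be shared or logged without exposing the bearer token itself.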
