Auth0 Home Blog Docs

Bearer error="invalid_token", error_description="The issuer is invalid"

jwt
auth0

#1

I verified a token is created to angular 6 front end from core 2.1. When I test the token in the jwt.io it states invalid signature. The token only has two parts instead of three

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.kGNaN8uYkQjvostoDz6gPO5nC1j_89eImltCG5pLX8U

I also get an error in the angular browser:

Bearer error=“invalid_token”, error_description=“The issuer is invalid”


#2

Hi Denise. Who is issuing the token here?


#3

This is easier than cut/pasting code here https://github.com/DeniseJames/net2.1_angular6_jwt

I am learning from a lynda.com course. I asked this question on stackoverflow and one person commented that he used my code and he did not have an issue. I noticed on stackoverflow questions and replies about angular/net are voted down quite a bit. I had to even get a new stackoverflow account because I lost so m any points on my first two questions on angular.


#4

Here is the stackoverflow question I posted https://stackoverflow.com/questions/52864071/net-core-2-1-bearer-was-not-authenticated-error-in-controller?noredirect=1#comment92649526_52864071


#5

Hi Denise. Sorry, but unfortunately I’m not really clear on what you are trying to accomplish here. I couldn’t find any reference to Auth0 in the GH repo. The token you shared in the first question definitely doesn’t come from Auth0. Its payload is empty, and it doesn’t contain the crypto signature.

If you are trying to use the JwtBearerAuthentication middleware in a .Net Core app (which looks for a JWT token as a mean of authorizing each request to the API), then you need to have a valid token issuer (like Auth0).

The basic flow would be like this:

  • The client application (your Angular app) requests a token from an authorization server (like Auth0).
  • The authorization server authenticates the user, ask for consent if required and returns a signed token to the client application
  • The client application makes a request to the backend API, putting the token in the Authorization header.
  • The backend API (with the JwtBearerAuthentication middleware) validates the token (issuer, expiration, audience, signature) and, if valid, authorizes the request.

If you are looking to use Auth0 to issue the access token, then see these tutorials: ASP.Net Core backend API and Angular 2+ SPA.