Hi!
Thanks for the great docs. I’m building a secured API with Auth0 on Rails 6 and have followed the Rails 6 tutorial. I am testing with test tokens for my application. I am just using authorisation, not authentication.
When testing secured endpoints, I was getting unauthorised access repeatedly, so I debugged my code as far as I could and traced the problem to the verify method.
Specifically, the error is:
{
"message": "Signature verification raised"
}
If I set the third parameter in JWT.decode to false, everything works out.
But this is not OK, I want to verify the JWT.
So what could be going wrong? I have checked that the domain and audience are exactly the same in my code as they are in the Auth0-issued JWTs, down to the trailing slash in the domain. I found some people having similar issues online, but not a satisfying answer!
If I follow the JWKS link (https://dev-lmzlz5ay.us.auth0.com/.well-known/jwks.json) I get a public key, and it does seem to process it (I verified this with a logger), but something fails in the verification step.
If I try the JsonWebToken.verify() method out on the console with a test token from auth0, it verifies & returns the token just fine.
But it doesn’t do so with HTTP requests using Postman or curl.
Sorry, I am a bit new to all of this!
Happy to post any necessary snippets or logs.
All the best,
Inti
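Added example, not code from the post or from Auth0: a stand-alone Ruby verifier that does the full RS256 check (kid lookup in the JWKS, signature, then iss/aud/exp), so a token that fails can be rejected with a specific reason instead of turning verification off. It assumes the issuer from the post (trailing slash kept), a constructed audience, and a locally generated key pair standing in for the tenant's JWKS; the only dependencies are Ruby's openssl and json.

```ruby
require 'openssl'
require 'json'

# Assumed: issuer is the tenant domain from the post (trailing slash kept); audience is a constructed placeholder.
ISSUER   = 'https://dev-lmzlz5ay.us.auth0.com/'
AUDIENCE = 'https://my-rails-api.example'

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end
def b64url_decode(str)
  s = str.tr('-_', '+/')
  (s + '=' * ((4 - s.length % 4) % 4)).unpack1('m0')
end

# Rebuild an RSA public key from a JWKS entry's modulus (n) and exponent (e).
def rsa_from_jwk(jwk)
  n = OpenSSL::ASN1::Integer(OpenSSL::BN.new(b64url_decode(jwk['n']), 2))
  e = OpenSSL::ASN1::Integer(OpenSSL::BN.new(b64url_decode(jwk['e']), 2))
  OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence([n, e]).to_der)
end

# Extract the raw token from an Authorization header; nil unless it is exactly "Bearer <jwt>".
def bearer_token(header_value)
  header_value.to_s[/\ABearer\s+([A-Za-z0-9_.-]+)\z/, 1]
end

# Full check: alg pin, key lookup by kid, RS256 signature, then iss/aud/exp claims.
def verify(token, jwks, now: Time.now)
  h64, p64, s64 = token.to_s.split('.')
  raise 'malformed token' unless h64 && p64 && s64
  header = JSON.parse(b64url_decode(h64))
  raise 'unexpected alg' unless header['alg'] == 'RS256'
  jwk = jwks['keys'].find { |k| k['kid'] == header['kid'] }
  raise 'no matching kid in JWKS' unless jwk
  digest = OpenSSL::Digest.new('SHA256')
  raise 'Signature verification raised' unless rsa_from_jwk(jwk).verify(digest, b64url_decode(s64), "#{h64}.#{p64}")
  claims = JSON.parse(b64url_decode(p64))
  raise 'issuer mismatch'   unless claims['iss'] == ISSUER
  raise 'audience mismatch' unless Array(claims['aud']).include?(AUDIENCE)
  raise 'token expired'     unless claims['exp'].is_a?(Integer) && now.to_i < claims['exp']
  claims
end

# Constructed fixtures: a local key pair stands in for the tenant's signing key and its JWKS document.
SIGNING_KEY = OpenSSL::PKey::RSA.new(2048)
JWKS = { 'keys' => [{ 'kty' => 'RSA', 'use' => 'sig', 'alg' => 'RS256', 'kid' => 'kid-1',
                      'n' => b64url_encode(SIGNING_KEY.n.to_s(2)), 'e' => b64url_encode(SIGNING_KEY.e.to_s(2)) }] }

def make_token(claims, key: SIGNING_KEY, kid: 'kid-1')
  input = "#{b64url_encode(JSON.generate({ alg: 'RS256', typ: 'JWT', kid: kid }))}.#{b64url_encode(JSON.generate(claims))}"
  "#{input}.#{b64url_encode(key.sign(OpenSSL::Digest.new('SHA256'), input))}"
end
```

In a request path, `verify(bearer_token(request.headers['Authorization']), jwks)` keeps the header parsing and the signature check separate, so a failure can be logged as a malformed header, an unknown kid, a bad signature or a claim mismatch rather than one generic error.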