I’ve been fighting with this for days, and I can’t figure it out. I’m trying to authenticate a Node app with Auth0. From my Node app, I keep getting “invalid algorithm” when I use an RS256 token with jwt.verify(token, AUTH0_SECRET, callback). My app is set to use RS256, and I verified that the token is, in fact, using RS256. That makes no sense, but I couldn’t think of any reason why I’d be getting that error, so I tried manually curling my way through the authentication process:
Visit Authorization URL in browser:
https://MY_DOMAIN.auth0.com/authorize?
audience=https://MY_DOMAIN.auth0.com/api/v2/&
scope=name profile email openid&
response_type=code&
client_id=MY_CLIENT_ID&
redirect_uri=http://localhost:3000/callback&
state=ARBITRARY_VALUE
Get redirected to callback:
http://localhost:3000/callback?code=MY_CODE&state=ARBITRARY_VALUE
Exchange code for token:
curl --request POST \
--url 'https://MY_DOMAIN.auth0.com/oauth/token' \
--header 'content-type: application/json' \
--data '{"grant_type":"authorization_code","client_id": "MY_CLIENT_ID","client_secret": "MY_CLIENT_SECRET","code": "MY_CODE","redirect_uri": "http://localhost:3000/callback"}'
Response:
{"access_token":"MY_ACCESS_TOKEN","expires_in":86400,"token_type":"Bearer"}
Call the API:
curl --request GET \
--url https://MY_DOMAIN.auth0.com/api/v2/users \
--header 'authorization: Bearer MY_ACCESS_TOKEN' \
--header 'content-type: application/json'
Get an invalid token response:
{"statusCode":401,"error":"Unauthorized","message":"Invalid token","attributes":{"error":"Invalid token"}}
What am I doing wrong? I’ve tried this several times, and I can’t figure out how to get anything other than a 401 or a 404.
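An added example, not part of the original post: a minimal JWT check built only on Node's `crypto` module, showing how a verifier that pins its accepted algorithms reports "invalid algorithm" for an RS256 token when it is configured for a shared secret, and accepts the same token when given the RSA public key. The key pair, token, and the function names `signRs256`, `verifyJwt` and `tryVerify` are constructed for this illustration.

```javascript
// Added example: RS256 JWT verification with an explicit algorithm allowlist.
const { createHmac, generateKeyPairSync, sign, timingSafeEqual, verify } = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Constructed signer, standing in for the identity provider.
function signRs256(payload, privateKey) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = sign('RSA-SHA256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64url(sig)}`;
}

// Hypothetical verifier: the caller states which algorithms it accepts and
// supplies matching key material (RSA public key for RS256, secret for HS256).
function verifyJwt(token, key, algorithms) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('jwt malformed');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
  // The token's own header never chooses the algorithm; the allowlist does.
  if (!algorithms.includes(header.alg)) throw new Error('invalid algorithm');
  const data = Buffer.from(`${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  let ok = false;
  if (header.alg === 'RS256') {
    ok = verify('RSA-SHA256', data, key, given);
  } else if (header.alg === 'HS256') {
    const want = createHmac('sha256', key).update(data).digest();
    ok = want.length === given.length && timingSafeEqual(want, given);
  }
  if (!ok) throw new Error('invalid signature');
  return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
}

// Constructed key pair and token so the example runs offline.
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoToken = signRs256({ sub: 'user-1' }, privateKey);

// Returns the subject on success, or the error message on rejection.
function tryVerify(key, algorithms) {
  try { return verifyJwt(demoToken, key, algorithms).sub; } catch (e) { return e.message; }
}
```

Claim checks such as `exp`, `aud` and `iss` are left out of this sketch; a production verifier validates them after the signature.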