Auth0 Home Blog Docs

Can someone help me authenticate users with Auth0?


#1

I’ve been fighting with this for days, and I can’t figure it out. I’m trying to authenticate a Node app with Auth0. From my Node app, I keep getting “invalid algorithm” when I use an RS256 token with jwt.verify(token, AUTH0_SECRET, callback). My app is set to use RS256, and I verified that the token is, in fact, using RS256. That makes no sense, but I couldn’t think of any reason why I’d be getting that error, so I tried manually curling my way through the authentication process;

Visit Authorization URL in browser:

https://MY_DOMAIN.auth0.com/authorize?
  audience=https://MY_DOMAIN.auth0.com/api/v2/&
  scope=name profile email openid&
  response_type=code&
  client_id=MY_CLIENT_ID&
  redirect_uri=http://localhost:3000/callback&
  state=ARBITRARY_VALUE

Get redirected to callback:

http://localhost:3000/callback?code=MY_CODE&state=ARBITRARY_VALUE

Exchange code for token:

curl --request POST \
  --url 'https://MY_DOMAIN.auth0.com/oauth/token' \
  --header 'content-type: application/json' \
  --data '{"grant_type":"authorization_code","client_id": "MY_CLIENT_ID","client_secret": "MY_CLIENT_SECRET","code": "MY_CODE","redirect_uri": "http://localhost:3000/callback"}'

Response:

{"access_token":"MY_ACCESS_TOKEN","expires_in":86400,"token_type":"Bearer"}

Call the API:

curl --request GET \
  --url https://MY_DOMAIN.auth0.com/api/v2/users \
  --header 'authorization: Bearer MY_ACCESS_TOKEN' \
  --header 'content-type: application/json'

Get an invalid token response:

{"statusCode":401,"error":"Unauthorized","message":"Invalid token","attributes":{"error":"Invalid token"}}

What am I doing wrong? I’ve tried this several times, and I can’t figure out how to get anything other than a 401 or a 404.


#3

When I use the manually generated access_token with jwt.verify in my app, I still get the “invalid algorithm” response.