Auth0 Home Blog Docs

Can someone help me authenticate users with Auth0?


I’ve been fighting with this for days, and I can’t figure it out. I’m trying to authenticate a Node app with Auth0. From my Node app, I keep getting “invalid algorithm” when I use an RS256 token with jwt.verify(token, AUTH0_SECRET, callback). My app is set to use RS256, and I verified that the token is, in fact, using RS256. That makes no sense, but I couldn’t think of any reason why I’d be getting that error, so I tried manually curling my way through the authentication process;

Visit Authorization URL in browser:
  scope=name profile email openid&

Get redirected to callback:


Exchange code for token:

curl --request POST \
  --url '' \
  --header 'content-type: application/json' \
  --data '{"grant_type":"authorization_code","client_id": "MY_CLIENT_ID","client_secret": "MY_CLIENT_SECRET","code": "MY_CODE","redirect_uri": "http://localhost:3000/callback"}'



Call the API:

curl --request GET \
  --url \
  --header 'authorization: Bearer MY_ACCESS_TOKEN' \
  --header 'content-type: application/json'

Get an invalid token response:

{"statusCode":401,"error":"Unauthorized","message":"Invalid token","attributes":{"error":"Invalid token"}}

What am I doing wrong? I’ve tried this several times, and I can’t figure out how to get anything other than a 401 or a 404.


When I use the manually generated access_token with jwt.verify in my app, I still get the “invalid algorithm” response.