Can someone help me authenticate users with Auth0?

I’ve been fighting with this for days, and I can’t figure it out. I’m trying to authenticate a Node app with Auth0. From my Node app, I keep getting “invalid algorithm” when I use an RS256 token with jwt.verify(token, AUTH0_SECRET, callback). My app is set to use RS256, and I verified that the token is, in fact, using RS256. That makes no sense, but I couldn’t think of any reason why I’d be getting that error, so I tried manually curling my way through the authentication process;

Visit Authorization URL in browser:
  scope=name profile email openid&

Get redirected to callback:


Exchange code for token:

curl --request POST \
  --url '' \
  --header 'content-type: application/json' \
  --data '{"grant_type":"authorization_code","client_id": "MY_CLIENT_ID","client_secret": "MY_CLIENT_SECRET","code": "MY_CODE","redirect_uri": "http://localhost:3000/callback"}'



Call the API:

curl --request GET \
  --url \
  --header 'authorization: Bearer MY_ACCESS_TOKEN' \
  --header 'content-type: application/json'

Get an invalid token response:

{"statusCode":401,"error":"Unauthorized","message":"Invalid token","attributes":{"error":"Invalid token"}}

What am I doing wrong? I’ve tried this several times, and I can’t figure out how to get anything other than a 401 or a 404.

When I use the manually generated access_token with jwt.verify in my app, I still get the “invalid algorithm” response.

Hey there!

Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!

Do you still require further assistance from us?