Cannot read headers on tokens

lightscalar · October 15, 2020, 8:12pm

I have a Vue.js SPA and is trying to communicate with a Python (FastAPI) backend API. Unfortunately, I am unable to decode the token headers.

In particular, the line

unverified_header = jwt.get_unverified_header(token)

is failing with an error,

jose.exceptions.JWTError: Error decoding token headers.

I am getting the token on the clientside with a call to:

const token = await this.$auth.getTokenSilently();

as indicated in the documentation. However, the token which this generates (and which is successfully passed to the Python side" looks something like,

R4TKoadKGx5YOgiggTNqr0xAEwFHm4Xg

Which looks not much like JWTs that I’ve worked with previously. Am I missing something here?

Thanks,

sidharth.chaudhary · October 15, 2020, 10:09pm

Hey @lightscalar, Welcome to the Auth0 Community!

This looks like an opaque access token:
Opaque token is a form of Access token which is provided if you have not added an “Audience” Parameter in the /authorize request. If you add an audience parameter it will provide you a JWT token. Without audience it will be an opaque token

konrad.sopala · October 16, 2020, 1:32pm

Thanks Sidharth for providing the explanation on the difference of those.

system · October 31, 2020, 1:33pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.