Auth0 Home Blog Docs

Can't get custom authorizer to work


I’ve been following the tutorial for custom authorizers for AWS’ API Gateway here:

At step three I’m having issues when I run npm test, I get this error returning (I’ve put in xxxxx to replace real info):

START RequestId: 126370da-b303-e702-e270-606fa50a2e3e
{ type: ‘TOKEN’,
_ authorizationToken: ‘Bearer xxxxxx’,_
_ methodArn: ‘arn:aws:execute-api:ap-southeast-2:xxxxx:xxxxx/*/GET/pets’ }_
_ var kid = decoded.header.kid;_
_ ^_

TypeError: Cannot read property ‘header’ of null
_ at Object.module.exports.authenticate (/Users/xxxxx/Downloads/jwt-rsa-aws-custom-authorizer-master/lib.js:53:22)_
_ at Object.module.exports.handler (/Users/xxxxx/Downloads/jwt-rsa-aws-custom-authorizer-master/index.js:8:7)_
_ at /Users/xxxxx/Downloads/jwt-rsa-aws-custom-authorizer-master/node_modules/lambda-local/bin/lambda-local:61:27_
_ at Object. (/Users/xxxxx/Downloads/jwt-rsa-aws-custom-authorizer-master/node_modules/lambda-local/bin/lambda-local:63:3)_
_ at Module.compile (module.js:409:26)
_ at Object.Module.extensions…js (module.js:416:10)
_ at Module.load (module.js:343:32)_
_ at Function.Module.load (module.js:300:12)
_ at Function.Module.runMain (module.js:441:10)_
_ at startup (node.js:139:18)_

My .env file looks like this

copy this file to .env and fill in the


One part I’m not totally sure which may be causing the problem is is the audience line in .env, under my API’s settings in auth0 is this meant to be “Id” eg. the randomly generated Id or the “Identifier”, the URL which you specify when creating the API?

Or is my issue related to something else?


You are correct with regards to the identifier of your API being the audience you should use when you request the access token.

Judging from the error you shared, it seems your authorizer is unable to decode the token. This will only occur if the token is not a valid JWT. Are you sure that you are in fact sending a JWT and not an opaque access token instead?

Keep in mind that if you haven’t specified an audience or have specified the userinfo endpoint as your audience, you will receive an opaque access token rather than a JWT.


Hi Richard,

Thanks for the response - its quite strange, the token from the Test page for the API came back as valid but when using that as the Bearer in the event.json file I would get the error above. I performed the cURL command in terminal with the example on the Test page and used the access token from that and npm test then worked.

Strange but I think I can move forward now, thank you for your assistance!