Can't Validate Token w/JWT

botgpt · May 22, 2023, 12:30am

I’ve been trying to validate a token with the code below, and I get the message “jwt.exceptions.InvalidAlgorithmError: The specified alg value is not allowed”. I also put the token in https://jwt.io/ and it says that there’s an invalid signature. But I can send the token to the userinfo endpoint, /userinfo, and I get my user info. Just trying to figure out why it appears to not be an RS256 encoded token. I looked through my advanced settings for my app and it says it’s RS256. I still get the same error message in the code below if I put “A256GCM” in “algorithms” in the code below. But that’s what jwt.io says it is.

try:
payload = jwt.decode(
access_token,
AUTH0_CLIENT_SECRET,
algorithms=“RS256”,
options={“verify_exp”: True} # Verify token expiration
)
logger.info(f’payload: {payload}‘)
current_user = payload[‘sub’]
logger.info(f’current_user: {current_user}’)

tyf · May 26, 2023, 11:13pm

Hey there @botgpt welcome to the community!

The fact that you are unable to use this token against /userinfo leads me to believe it’s an opaque token you’re working with. This thread should help:

Cheers!

botgpt · May 27, 2023, 12:32am

Yes, that was the case. Got help from Auth0 support and got it sorted out. Got some example code working right away, but getting it to work in my code was not as easy. But I eventually got it working. Thanks.

tyf · May 28, 2023, 3:53pm

Thanks for following up with the community!

system · June 11, 2023, 3:54pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.