I’ve been trying to validate a token with the code below, and I get the message “jwt.exceptions.InvalidAlgorithmError: The specified alg value is not allowed”. I also put the token in https://jwt.io/ and it says that there’s an invalid signature. But I can send the token to the userinfo endpoint, /userinfo, and I get my user info. Just trying to figure out why it appears to not be an RS256 encoded token. I looked through my advanced settings for my app and it says it’s RS256. I still get the same error message in the code below if I put “A256GCM” in “algorithms” in the code below. But that’s what jwt.io says it is.
The fact that you are unable to use this token against /userinfo leads me to believe it’s an opaque token you’re working with. This thread should help:
Yes, that was the case. Got help from Auth0 support and got it sorted out. Got some example code working right away, but getting it to work in my code was not as easy. But I eventually got it working. Thanks.