Custom API as audience - failed to fetch user profile

Hi,

I’m struggling to get my web app to log in my users and issue the correct JWT.
Background: I have a web app which is using Auth0 for login/signup. The app uses Node.js as its backend, and the passport-auth0 library for handling the interaction with Auth0.

In Auth0, I have an application and an API; the API is set up to use the HS256 algorithm.

I have a route set up called /auth/ which performs the below code:

    passport.authenticate('auth0', {
      clientID: config.AUTH0_CLIENT_ID,
      domain: config.AUTH0_DOMAIN,
      redirectUri: config.AUTH0_CALLBACK_URL,
      audience: 'https://api-dev.mydomain.com', // ← this is the value set in the API field "Identifier"
      scope: 'openid profile email',
    }),

Then, we have a /auth/callback route which does this:

    router.get(
      '/callback',
      passport.authenticate('auth0', {
        failureRedirect: '/',
      }),
      gotToDashboard // ← redirect to the dashboard page of the app
    );

However, this does not work. When we start the login flow, we see the Auth0 login page. If I select “Login with Google” and enter my credentials in the Google login interface, I then get redirected to my application, but I get the message:

    {"status":500,"message":"failed to fetch user profile"}

When we try with a different setup, whereby we replace the audience from the custom API identifier to the value "https://${config.AUTH0_DOMAIN}/userinfo", then the flow works correctly, but we get an id_token which has an RS256 algorithm, and not the HS256 we want.

What are we missing?

Many thanks
Greg

Hey there!

Sorry for such a delayed response! We’re doing our best in providing you with the best developer support experience out there but sometimes our bandwidth is just not enough for all the questions coming in. Sorry for the inconvenience!

Can you let us know if you still require further assistance from us?