Hi,
I'm struggling to get my web app to log in my users and issue the correct JWT.
Background: I have a web app which is using Auth0 for login/signup. The app uses Node.js as its backend, and the passport-auth0 library for handling the interaction with Auth0.
In Auth0, I have an application and an API; the API is set up to use the HS256 algorithm.
I have a route set up called /auth/ which runs the code below (used as the middleware on that route):
    passport.authenticate('auth0', {
      clientID: config.AUTH0_CLIENT_ID,
      domain: config.AUTH0_DOMAIN,
      redirectUri: config.AUTH0_CALLBACK_URL,
      audience: 'https://api-dev.mydomain.com', // <- this is the value set in the API field "Identifier"
      scope: 'openid profile email',
    }),
Then, we have a /auth/callback route which does this:
    router.get(
      '/callback',
      passport.authenticate('auth0', {
        failureRedirect: '/',
      }),
      gotToDashboard // <- redirect to the dashboard page of the app
    );
However, this does not work. When we start the login flow, we see the Auth0 login page. If I select "Login with Google" and enter my credentials in the Google login interface, I then get redirected to my application, but I get the message:
{"status":500,"message":"failed to fetch user profile"}
When we try a different setup, where we replace the audience (the custom API identifier) with the value "https://${config.AUTH0_DOMAIN}/userinfo", the flow works correctly, but we get an id_token that uses the RS256 algorithm, not the HS256 we want.
What are we missing?
Many thanks
Greg