
Custom API as audience - failed to fetch user profile


Hi,

I’m struggling to get my web app to log in my users and issue the correct JWT.
Background: I have a web app which is using Auth0 for login/signup. The app uses Node.js as its backend, and the passport-auth0 library for handling the interaction with Auth0.

In Auth0, I have an application and an API; the API is set up to use the HS256 algorithm.

I have a route set up called /auth/ which performs the below code:

    passport.authenticate('auth0', {
      clientID: config.AUTH0_CLIENT_ID,
      domain: config.AUTH0_DOMAIN,
      redirectUri: config.AUTH0_CALLBACK_URL,
      audience: 'https://api-dev.mydomain.com', // <- this is the value set in the API field "Identifier"
      scope: 'openid profile email',
    }),

Then, we have a /auth/callback route which does this:

    router.get(
      '/callback',
      passport.authenticate('auth0', {
        failureRedirect: '/',
      }),
      gotToDashboard // <- redirect to the dashboard page of the app
    );

However, this does not work. When we start the login flow, we see the Auth0 login page. If I select “Login with Google” and enter my credentials in the Google login interface, I then get redirected to my application, but I get the message:

    {"status":500,"message":"failed to fetch user profile"}

When we try with a different setup, whereby we replace the audience from the custom API identifier to the value "https://${config.AUTH0_DOMAIN}/userinfo", then the flow works correctly, but we get an id_token which has an RS256 algorithm, and not the HS256 we want.

What are we missing?

Many thanks
Greg
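
The post turns on which `alg` and `aud` a returned token actually carries. The following is an added example, not part of the original post or of Auth0's or passport-auth0's code: a Node.js check that reports both values and verifies an HS256 token with the algorithm and audience pinned. `signHs256`, `checkToken`, the secret and the sample claims are hypothetical and constructed; only the audience string is taken from the post.

```javascript
const crypto = require('crypto');

// Constructed sample values; the audience string is the one quoted in the post.
const API_AUDIENCE = 'https://api-dev.mydomain.com';
const SECRET = 'constructed-api-signing-secret';

const b64url = (s) => Buffer.from(s).toString('base64url');
const parsePart = (p) => JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Hypothetical helper: mints a constructed HS256 token so the check runs offline.
function signHs256(claims, secret) {
  const data = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${data}.${hmac(data, secret).toString('base64url')}`;
}

// Hypothetical helper: reports alg/aud and verifies with the algorithm pinned.
function checkToken(token, { secret, audience, alg = 'HS256' }) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'not a three-part JWT' };
  let header, claims;
  try {
    header = parsePart(parts[0]);
    claims = parsePart(parts[1]);
    if (!header || !claims) throw new Error('empty segment');
  } catch (err) {
    return { ok: false, reason: 'malformed header or payload' };
  }
  const info = { alg: header.alg, aud: [].concat(claims.aud || []) }; // aud may be string or array
  const fail = (reason) => ({ ok: false, reason, ...info });
  // Pin the algorithm first: never let the token's own header choose the verifier.
  if (header.alg !== alg) return fail(`alg is ${header.alg}, expected ${alg}`);
  const expected = hmac(`${parts[0]}.${parts[1]}`, secret);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return fail('bad signature');
  }
  if (!info.aud.includes(audience)) return fail('audience mismatch');
  if (typeof claims.exp === 'number' && claims.exp * 1000 <= Date.now()) return fail('expired');
  return { ok: true, reason: 'valid', ...info };
}

const demo = signHs256({ aud: [API_AUDIENCE], exp: Math.floor(Date.now() / 1000) + 60 }, SECRET);
console.log(checkToken(demo, { secret: SECRET, audience: API_AUDIENCE }));
```

The `alg` and `aud` fields in the returned object are filled in even when verification fails, so an RS256 token presented to an HS256 check is reported as such rather than as a generic signature error.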