Empty JWT payload in accessToken is not valid

alex2020 · September 4, 2023, 5:07am

Hello,
I’m using react sdk, the login works and I get an accessToken. But when I want to use this accessToken with my backend (C#) it doens’t work. When I check the token using jwt.io I get the warning “Looks like your JWT payload is not a valid JSON object. JWT payloads must be top level JSON objects as per
RFC 7519 - JSON Web Token (JWT)”

I already have the api audience in the login call:
loginWithRedirect({
authorizationParams: {
audience: “http://localhost:5268/”
},
});

And then I use “getAccessTokenSilently” to get the access token. And finally I add the access token as a bearer token to the api request.

This is my accessToken:
eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiwiaXNzIjoiaHR0cHM6Ly9kZXYtZ2ZpcmNlNHUwZ2loMGd2dy51cy5hdXRoMC5jb20vIn0…5OCR8HUSoFSYd3x6.OrLuo7JOeBj9GetnupHMYefcSu-WnePkhfRzk-efCapjLfbPM8sTDwZS3HeOVMI1uaDKPKbt7ilnuLBDSVo747KVTiMFulRJJhXFM69VMHw6xP5v_6rP0LII_CZjEY3PTZHrmWEL9DkKpOzewLEhNf2h3KIPHn6RW8Txb9SWh7N1WOU_XGaCz19Fuye-rDT_n6MfAH3pyjYBFXFKpwvK8W1zheMYpG8d7fdaOdsYV8wq-ApnDs0kKFhUGz__xINT2alFPuuLlAAnhogLphHFMgQ4ONboOtIk1Oj1z1lT3WQcIBQFf8X6LcQCWNvYjSURxlPG60x5OFXrFYcfZ-mPSeOX.8tHPP63eddlX6VlI7qraVg

What am I missing? How can I get a valid accessToken with a valid JSON as a payload?

alex2020 · September 8, 2023, 5:19am

Anyone from the auth0 can reply to this thread?

tyf · September 8, 2023, 11:33pm

Hey @alex2020 welcome to the community!

I just glanced at your tenant and it looks like http://localhost:5268/ is indeed registered properly in Auth0. It sounds like this is the access token you are getting via auth0-react in your own app? Have you attempted to reproduce using the sample app? I just created an API with the same identifier and am getting a valid non-opaque access token back in the sample app. I recommend giving it a go as it will remove any application specific variables that might be in play here.

Let us know!

alex2020 · September 11, 2023, 2:53am

Thanks for your suggestion @tyf.
I tried it with the sample app and it worked. The difference between the sample app and my app was that I was passing the audience to the loginWithRedirect method while the sample app passed this value to the Auth0Provider. After I did this change in my app it started working.
The documentation on this is not very clear but at least it’s working now
Thanks for your help!

tyf · September 12, 2023, 7:35pm

Ahh, gotcha - Thanks for clarifying! That’s odd that it wasn’t working with loginWithRedirect as I believe it should given it’s passed in authorizationParams. Regardless, I’m happy to hear you got it working and sorry for the confusion!

system · September 26, 2023, 7:36pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.