Empty Payload in Access Token with Next.js

collin1 · May 25, 2023, 2:29pm

Hello, I’m using Auth0 to allow users to login with Google SSO in a nextjs application. I need to validate the user with the backend of the application. That being said, auth0 is returning an opaque access token even though I have included https://{tenant}.auth0.com/api/v2/ as the AUTH0_AUDIENCE .env variable (which is in turn being included as a query param to the /authenticate endpoint). How can I ensure that the payload of the JWT is not empty?

Here’s the code that I’m using to parse the access token on the backend:

export async function getUser() {
  const sessionCookies = await cookies();
  const token = sessionCookies.get('appSession');
  if (token == null) {
    redirect('/api/auth/login');
  }
  return jwt.decode(token['value'], process.env.AUTH0_CERT);
}

This function returns null because the JWT payload is empty.

Collin

tyf · May 25, 2023, 9:36pm

Hi there @collin1 welcome to the community!

Do you mind grabbing a sample access token, pasting it in jwt.io and sharing the result here? Please redact any sensitive information.

Thanks!

collin1 · May 26, 2023, 12:06pm

Sure thing. Here’s a link.

tyf · May 26, 2023, 11:09pm

Hey thanks @collin1!

That looks to be an opaque token like you mentioned - Are you positive an audience param is getting passed?

collin1 · May 27, 2023, 2:04pm

Yes.

https://dev-aoeuaoeuaoeuaoeu.us.auth0.com/authorize?client_id=aoeuaoeuaoeuaoeuaeou&scope=openid%20profile%20email&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fcallback&audience=https%3A%2F%2Fdev-aoeuaoeuaoeuaoeu.us.auth0.com%2Fapi%2Fv2%2F&nonce=aoeuaoeuaoeuaoeuaoeu&state=aoeuaoeuaoeuaeouaoeu&code_challenge=aoeuaoeuaoeuaoeuaeou&code_challenge_method=S256