Empty payload in JWT Authorization tokens - Audience IS defined (I think?)

login · September 14, 2023, 5:31pm

I’m currently developing a React Single Page Application (SPA) that uses Auth0 for authentication. I have successfully implemented login and logout features. However, when request an Authorization JWT with getTokenSilently() I am retrieving have an empty payload when decoded. For now I’m just logging it to my browsers console in a local test environment. For example: eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiwiaXNzIjoiaHR0cHM6Ly9kZXYtdzAxODFhcXNobGw1MDMzbC51cy5hdXRoMC5jb20vIn0…thF3uZU-GjTkcNVo.EQawZb4Ebgww3ZT-Pa73eoJ62qLQ0HSIswroGiecQZHGdZLw-953s6asccnawPD9HwSObZ3JcsbP8HAFarNf2p5Zrr2sbp4QvGxfB6RgpWZTxEK2Tntu7X7w9i_7z2Iw8c_3lUZPnHe0_4OLaHnPyetzk8_Pqm2-JcELrNIwvRPTD1QmdMsbyvz6_u9kANS181FH7wSyxtt5UP5Hu_BnQ3lmEQhB5yMvL42PjaAsoaclxEdQ0EQmcCRdnNrQVqnKadZumwvs2jQ-A-onQI9lL3rhlPEktJP8Sy-UyhRv-U_Az6MmY4D92-VRD_AjXhXLggV7iXMS8hZM9N_cDDCA5skg.Fuf3LqTHjNuCZj_fS8P8HQ
Issue Details:
Technology Stack: ReactJS with Auth0 SPA SDK
Auth0 SDK Version: @auth0/auth0-react": “^2.1.0”,
“@auth0/auth0-spa-js”: “2.0.3”,
Browser: Tried on multiple browsers including Chrome and Safari, and also in Incognito mode Error Messages: None
Steps to Reproduce:
User logs in via Auth0.
React App retrieves the token.
React App writes writes the token to console for debugging purposes.

Code Snippets:

auth-provider.js app.js

What I have Tried:
Logged in and out multiple times, also in incognito mode in case of cacheing.
Checked Auth0 Dashboard logs for any signs of errors or irregularities.
Ensured that the Auth0Client object is initialized with an audience, which is an API that I crated in the Auth0 Dashboard. Reviewed and followed Auth0 SPA SDK documentation - though I am a beginner and most likely have something configured wrong.

rueben.tiow · September 14, 2023, 8:11pm

Hi @login,

Have you made sure that your auth0_config.json file has included your audience?

If not, you could always override it by passing it in the getTokenSilently() method:

const token = await getAccessTokenSilently({
  authorizationParams: {
    audience: 'https://api.example.com/',
    scope: 'read:posts',
  }

(Reference: https://github.com/auth0/auth0-react/blob/main/EXAMPLES.md#call-an-api)

Please let me know how it goes for you.

Thanks,
Rueben

login · September 14, 2023, 9:21pm

Thanks so much for the help!
I have made sure to explicitly state it, but that did not change the result. One thing to note - I’m using the auth0-spa-js library in my auth-provider.js code that I shared. Could that have an impact on how I should be getting the token?

rueben.tiow · September 18, 2023, 3:42pm

Hi @login,

Can you please verify that the audience is set by decoding your JWT token on jwt.io and see if there is a value set for the aud claim?

Thanks,
Rueben

system · October 2, 2023, 3:43pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.