Auth0 Home Blog Docs

Expired token received for JSON Web Token validatio

api
wordpress-login-with
create-user
unauthorized

#1

I’m trying to create new user with WP_Auth0_Api_Client::create_user( ) API call, but having “Expired token received for JSON Web Token validation” error:

{"statusCode":401,"error":"Unauthorized","message":"Expired token received for JSON Web Token validation","attributes":{"error":"Expired token received for JSON Web Token validation"}}

Do I need to update ‘auth0_app_token’ somehow? Is there Token Expiration Time? What is the workflow?


#2

That method which if I recall correctly is used during the setup wizard will require a valid Auth0 Management API token so if you’re trying to somehow rerun the wizard after the token you initially provided expired then you should try what you mentioned and update the API token with a non-expired one. In relation to the expiration time there is indeed one, but is configurable so the actual value will depend on your current configuration.

You can manually get a token for the Management API by following this procedure if your intentions are just to be able to run the wizard.


#3

Thanks for the info! The error gone after creating JWT manually:

JWT::encode($payload, $a0_options->get('client_secret'));

But I’ll keep your advice in mind!
Now I’m facing another issue: {“statusCode”:401,“error”:“Unauthorized”,“message”:"Bad audience: "}

Need to investigate…

PS I’m not using a Wizard, but the API to create new user on Auth0 side


#4

Thanks for the info! The error gone after creating JWT manually:

JWT::encode($payload, $a0_options->get('client_secret'));

But I’ll keep your advice in mind!
Now I’m facing another issue: {“statusCode”:401,“error”:“Unauthorized”,“message”:"Bad audience: "}

Need to investigate…

PS I’m not using a Wizard, but the API to create new user on Auth0 side


#5

If the use case is doing a custom registration form where any user can signup (aka the associated connection allows sign ups) then you may consider calling the public signup API directly as that would not require any token and could simplify your process.


#6

This is cool API,but it creates entry with email_verified = false which is not what I need.


#7