Generated JWT token is invalid

I’m generating a JWT token using the following:

tcurl --request POST \
  --url 'https://dev-tce1ggxc6lqxphjc.eu.auth0.com/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=MY_CLIENT_ID \
  --data client_secret=MY_CLIENT_SECRET \
  --data audience=MY_API_AUDIENCE

When I paste this into jwt.io/, I get invalid signature.

Hi @KSADeBiekorf

Welcome to the Auth0 Community.

You may be receiving an opaque access token, which is not formatted as a JWT and would throw this error when pasted into jwt.io. An easy way to determine if you’re dealing with an opaque token is if you see two consecutive periods (..) in the string that’s returned.

Generally, opaque access tokens are returned when no audience is specified. Although, since it appears you are passing an audience value, this may indicate a misconfiguration of your API. Ensure that you’ve authorized your application (MY_CLIENT_ID) to receive an access token from the API under the Machine to Machine Applications tab of it’s settings and that your passing the value of it’s unique Identifier in your request.

https://auth0.com/docs/secure/tokens/access-tokens#opaque-access-tokens

1 Like

This topic was automatically closed after 9 days. New replies are no longer allowed.