I’m using auth0-spa-js and logging in from my API frontend. Everything seems to be good from an authentication perspective (I get logged in and can display my profile, navigate to protected resources, etc.). My issue comes in when I call getTokenSilently() to retrieve an access token for accessing the API backend.
Note that when I look in the Auth0 log, I see “Success Exchange” “Authorization Code for Access Token”
JWT tokens should be broken into three segments, each separated by a dot ("."). The value returned from getTokenSilently() is a 32-character string with no dots. When I pass this value to my API as a bearer token, it’s no surprise that it’s not getting decoded.
Any suggestions would be greatly appreciated.