Hello Auth Community!
I’ve just started using Auth0 and its really cool, but im running into some issues.
My main issue is that I have a react client-side app that is saving the jwt token on user login - which is great. However when I try to fetch data from my separate Node API - the route that is supposed to validate the token is giving me errors.
If I have my node api using this first type of authentication, I get an error:
UnauthorizedError: secret or public key must be provided
BUT, if I use this second form of validation, it works. My concern is that Im not 100% sure its as secure. If there is no token - this validation give me this error when the token is not valid:
UnauthorizedError: jwt malformed
Here is my lock file on react:
And here is my api call in react:
So do I need to make the first option work for better security, if so how? Is the second option of api validation just as good? I feel like I’ve looked at over 100 tutorials over the last 2 days and they are either out of day, or just are not easy to follow. Im using the most current version of Auth0.
Looking for any help - thank you.