Hello I am unable to make work the quickstart for nodejs api

I have followed the setup for the nodejs api . I have installed express-oauth2-jwt-bearer has the instruction show and I am have to get a token from auth0 to test . However when I try to send the token to my applciation I get the following error : InvalidTokenError: KeyObject or CryptoKey instances for asymmetric algorithms must not be of type “secret”

I search for infor and see that token signing alhorithm in my dashboar is RS256 and my local app is HS256 . I set both to RS256 nad now I get the error form my application : AssertionError [ERR_ASSERTION]: You must supply one of HS256, HS384, HS512 for ‘tokenSigningAlg’ to validate symmetrically signed tokens
at jwtVerifier .

Any idea how to solve this ?

Hello there @integration1 welcome to the community!

Do you mind sharing the specific documentation you’re following?

It sounds like the token you’re attempting to verify is still signed with HS256 - Can you confirm the API which you’re using for the audience param is also set to use RS256? If you navigate to the API configured in your dashboard Settings → Token Settings.

Keep us posted!

Hello .Thanks for answering . I have checked the configuration and the signing algorithm of my API is RS256. However I am no able to change it for something else.

1 Like

I am using the API example in tfor NODEjs using express-oauth2-jwt-bearer.
The API uses RS256.
My backend in node uses HS256.
express-oauth2-jwt-bearer does not allow me to use RS256.
The api in AUTH0 does not allow me to change RS256 for another type of signing.
Does this make sense ? I am missing somthing ?

1 Like

Thanks for following up! How are you initializing the library? Are you explicitly initializing it to use HS256? If you initialize the library similar to what I’ve linked above, it should use RS256 by default I believe.

If you want to share your code (redacting any sensitive information) I’d be happy to take a look :eyes:

Let us know!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.