How can I fix "error: Unhandled server exception: secret or public key must be provided"

api
user-management

#1

I am trying to use the user management API to get the users and their app_metadata.

I have generated a non-interactive client and added the scopes “read:user_idp_tokens” and “read:users”. The client secret and ID are being sent using the quick start code for jwt-express like:

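const jwt = require('express-jwt');
const jwksRsa = require('jwks-rsa');

const checkJwt = jwt({
   // Fetch the signing key from the tenant's JWKS endpoint.
   secret: jwksRsa.expressJwtSecret({
      cache: true,
      rateLimit: true,
      jwksRequestsPerMinute: 5,
      jwksUri: `https://${process.env.AUTH0_DOMAIN}/.well-known/jwks.json`,
   }),

   // Validate the audience and the issuer.
   audience: process.env.AUTH0_AUDIENCE,
   issuer: `https://${process.env.AUTH0_DOMAIN}/`,
   algorithms: ['RS256'],
   // getTokenFromRequest is the poster's own helper (not shown in the post).
   getToken: getTokenFromRequest,
});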

However I get this error “error: Unhandled server exception: secret or public key must be provided” which has been reported by other users here and here but I don’t see a solution.

Please, how can I fix this issue?


#2

It seems to be an issue with the issuer param because I have a tenant that is still under the free trial and this functionality works but for my paid tenant it doesn’t.


#3

When I used the tenant with the trial account I get the error { statusCode: 401, error: 'Unauthorized', message: 'Bad audience: https://domain.com/dev' } Maybe because I’m trying to use the Management API v2 with a test account.


#4

Hi @peter.banjo

You might find this useful
[https://community.auth0.com/questions/2068/api-quickstart-error-unauthorizederror-secret-or-p]


#5

Thanks for the suggestion. Yes, I’ve read that question and I looked in my node_modules/ folder to see if there were any dependencies overriding the Array.prototype.find and didn’t find any.


#6

You mention “I am trying to use the user management API to get the users and their app_metadata.” and “I have generated a non-interactive client and added the scopes “read:user_idp_tokens” and “read:users”.” This should be requested using the client_credentials grant, as you can see here: https://auth0.com/docs/api/management/v2/tokens

The error you mention is likely an issue with either the Issuer or the Audience you have specified, because we don’t block access to the management api for any type of accounts.
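
The following is an added example, not code from any post in this thread or from Auth0: it builds the client_credentials request for a Management API v2 token and compares a token's header and claims with the algorithm, issuer and audience that the middleware in post #1 is configured to validate. The function names, the `example.auth0.com` tenant and the sample tokens in the test are constructed; it assumes Node.js (global `Buffer`).

```javascript
// Added example: all names and the example.auth0.com tenant are hypothetical.

// Build the client_credentials request for a Management API v2 token.
// Pass the result to fetch(req.url, req.options) or any HTTP client.
function buildTokenRequest(domain, clientId, clientSecret) {
  return {
    url: `https://${domain}/oauth/token`,
    options: {
      method: 'POST',
      headers: { 'content-type': 'application/json' },
      body: JSON.stringify({
        grant_type: 'client_credentials',
        client_id: clientId,
        client_secret: clientSecret,
        audience: `https://${domain}/api/v2/`,
      }),
    },
  };
}

// Decode one base64url JWT segment. Decoding is NOT signature verification.
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// List every mismatch between a token and the expected alg, issuer and audience.
function checkClaims(token, domain, audience) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return ['not a three-part JWT'];
  let header, payload;
  try {
    header = decodeSegment(parts[0]);
    payload = decodeSegment(parts[1]);
  } catch (e) {
    return ['header or payload is not base64url-encoded JSON'];
  }
  const problems = [];
  if (header.alg !== 'RS256') problems.push(`alg is ${header.alg}, expected RS256`);
  if (!header.kid) problems.push('no kid header to look up in the JWKS');
  if (payload.iss !== `https://${domain}/`) problems.push(`iss is ${payload.iss}`);
  const aud = [].concat(payload.aud || []); // aud may be a string or an array
  if (!aud.includes(audience)) problems.push(`aud ${JSON.stringify(aud)} lacks ${audience}`);
  return problems;
}

// Build an unsigned sample token so the check can be exercised offline.
function makeSampleToken(header, payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc(header)}.${enc(payload)}.constructed-signature`;
}
```

An empty list from `checkClaims` only means the claims line up with the configuration; the signature still has to be verified by the middleware.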