HTTP 401 /userinfo

nurlan.nurmanov · June 14, 2017, 1:32pm

I am not sure, but I can’t get AUTH0 to work stably. Always, I get some strange errors and it takes hours to troubleshoot. Today, I suddenly started to get the following issue.

www-authenticate:Bearer realm=“Users”, error=“invalid_token”, error_description=“The access token signature could not be validated. A common cause of this is requesting multiple audiences for an access token signed with HS256, as that signature scheme requires only a single recipient for its security. Please change your API to employ RS256 if you wish to have multiple audiences for your access tokens”
x-auth0-requestid:a14ff0c522da7946d3be

I have changed tp HS256 and back, no result.

jmangelo · June 14, 2017, 6:38pm

I’m afraid with the information you provided I can’t provide you with more specific guidance than what’s included in the error message.

You should refer to this previous answer to a related question or include more information, in particular, sufficient information about the access token that leads to the error. Based on the error, the access token seems to be a JWT so you can include the header and payload part of the token in your question (you can mask some of the info that is account specific). The interesting part to know would be which audiences the access token contains and the signature method.

Topic		Replies	Views
401 on /userinfo Help	4	7116	September 3, 2019
Cannot get the correct token from browser to get userinfo call Help management-api , users	6	512	April 23, 2024
Passing 1 audience to get access_token request, but returned access_token has 2 audience Help jwt	6	2760	April 12, 2022
401 Unauthorized on /userinfo for some tokens Help api , userinfo	0	3762	November 22, 2021
Invalid access token Help identifier-first , login-experience	4	1654	April 7, 2023

HTTP 401 /userinfo

Related topics