Invalid access token nextjs

Hi, thanks for any help in advance.

If more detail is needed, I can provide any other information.

I have set up a Nextjs/Django project, and I have followed these tutorials and documentation to do so:

  1. Auth0 Next.js SDK Quickstarts: Login

  2. nextjs-auth0/ at main · auth0/nextjs-auth0 · GitHub

What I believe is going wrong is that when I use the nextJS SDK to call getAccessToken, it returns an invalid access token. The reason I think this is because when I input the access token into’s debugger, I get an invalid token, and anytime I try to decode it in my program, it then returns an error. Through this post, I’m hoping to know if I’m following the correct workflow and, if I am, how I can get a valid access token.

I’m not sure I can post my access token here to show as I’m unsure of the security repercussions that might have, but my code to obtain the access token is shown below.

```js
import { handleAuth, handleLogin } from '@auth0/nextjs-auth0';

// Request an access token for the API audience at login.
export default handleAuth({
    login: handleLogin({
        authorizationParams: {
            audience: process.env.AUTH0_AUDIENCE,
            scope: 'openid profile email'
        }
    })
});
```

```js
import { getAccessToken, withApiAuthRequired } from '@auth0/nextjs-auth0';

export default withApiAuthRequired(async function products(req, res) {
  const accessToken = await getAccessToken(req, res);
  if (!accessToken) {
    return res.status(401).json({ error: 'Unauthorized' });
  }
  try {
    // Forward the token to the backend API as a Bearer credential.
    const response = await fetch('', {
      method: 'GET',
      headers: {
        Authorization: `Bearer ${accessToken}`,
      },
    });
    const data = await response.json();
    return res.status(200).json({ data });
  } catch (error) {
    return res.status(500).json({ error: 'Internal Server Error' });
  }
});
```

I’m positive this is the correct way to do it, but ANY help would be lovely!

Hey there @dessygil welcome to the community!

Thanks for the detailed description and code snippets :slight_smile: Are you positive the audience is being passed in the authorize request? When you run your app and attempt to login, you should be able to see this param being passed by inspecting the authorize request in the Network tab:

Keep us posted!
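The reply's question (is the audience reaching the authorize request?) can also be checked from the token side. The following is an added example, not code from the thread or from the Auth0 SDK: it classifies a value before it is sent as a Bearer token, separating an opaque token (what Auth0 issues when no API audience is requested), a JWT whose `aud` does not match, and a non-string value such as the SDK's result object. `inspectAccessToken`, `makeSampleJwt` and the `example.test` audience are hypothetical names.

```javascript
// Added diagnostic example; every token below is constructed for the demo.
// Decoding is not verification: the API must still check signature, iss, aud, exp.
function decodeSegment(segment) {
  const value = JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
  if (value === null || typeof value !== 'object') throw new Error('not a JSON object');
  return value;
}

// Classify the value about to be sent as "Authorization: Bearer <value>".
// Returns metadata only, never the token itself.
function inspectAccessToken(value, expectedAudience) {
  if (typeof value !== 'string') {
    return { kind: 'not-a-string', detail: `got ${typeof value}, expected the token string` };
  }
  const parts = value.split('.');
  if (parts.length !== 3) {
    return { kind: 'opaque', detail: 'not a signed JWT; check audience on /authorize' };
  }
  let header, payload;
  try {
    header = decodeSegment(parts[0]);
    payload = decodeSegment(parts[1]);
  } catch (err) {
    return { kind: 'malformed', detail: 'header or payload is not base64url JSON' };
  }
  const audiences = [].concat(payload.aud ?? []); // aud may be a string or an array
  if (!audiences.includes(expectedAudience)) {
    return { kind: 'wrong-audience', detail: `aud=${JSON.stringify(payload.aud)}` };
  }
  const expired = typeof payload.exp === 'number' && payload.exp * 1000 <= Date.now();
  return { kind: expired ? 'expired' : 'jwt-ok', alg: header.alg, sub: payload.sub };
}

// Builds a constructed JWT-shaped string (placeholder signature) for the demo.
function makeSampleJwt(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const API = 'https://api.example.test'; // hypothetical AUTH0_AUDIENCE value
const inAnHour = Math.floor(Date.now() / 1000) + 3600;
const samples = {
  sdkResultObject: { accessToken: 'constructed' }, // result object, not its string field
  noAudience: 'cOnStRuCtEd0paqueT0ken',
  withAudience: makeSampleJwt({ aud: API, exp: inAnHour, sub: 'auth0|constructed' }),
};
for (const [name, value] of Object.entries(samples)) {
  console.log(name, inspectAccessToken(value, API));
}
```

The `kind` and `detail` fields can be shared when asking for help, which avoids pasting the token itself into a public post.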
