Hi everyone,
I’m trying to set up a Vue3 SPA with a NestJS API in the back. I set up my Auth0 tenant and client to integrate with the SPA and plan to send the resulting JWTs to my API. In my SPA, I use the vue-auth0-plugin, which uses @auth0/auth0-spa-js under the hood.
I have successfully set up the Auth Code with PKCE flow, up to the point where I receive id, access and refresh tokens. However, something is wrong with the access token and I cannot understand why it is happening. The payload is invalid JSON and the token contains 2 consecutive `.`. When I paste the token into jwt.io, the header is decoded as follows:
{
  "alg": "dir",
  "enc": "A256GCM",
  "iss": "https://xyz.auth0.com/"
}
I would be expecting:
{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "w1-e..."
}
I have not enabled JWT encryption as far as I know (I used the wizard to set up the SPA client), could anyone point out to me what I am missing? For the sake of completeness, this is the format of my auth request:
https://xyz.auth0.com/authorize
?client_id=REq...
&redirect_uri=http%3A%2F%2Flocalhost%3A1337
&scope=openid%20profile%20email
&response_type=code
&response_mode=query
&state=a2...
&nonce=bT...
&code_challenge=GjSw...
&code_challenge_method=S256
&auth0Client=eyJu...
Many thanks in advance,
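
Added example (not part of the original post, and not Auth0's or the plugin's code): the header and the two consecutive dots described above match JWE compact serialization (RFC 7516), which has five segments and an empty encrypted-key segment when `alg` is `dir`. The sketch below is an API-side check that tells a three-segment signed JWT from such a token before RS256 verification is attempted; `classifyToken`, `decodeHeader`, `b64url` and the sample tokens are constructed for illustration.

```javascript
// Added example: classify a compact token as JWS or JWE from its structure.
// All names and sample tokens below are constructed for illustration.

function decodeHeader(segment) {
  // base64url -> base64, then parse as JSON; null if it is not a JSON object.
  try {
    const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
    const obj = JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
    return obj && typeof obj === "object" ? obj : null;
  } catch {
    return null;
  }
}

function classifyToken(token) {
  const parts = String(token).split(".");
  const header = decodeHeader(parts[0]);
  if (!header) return { kind: "invalid", reason: "header is not base64url JSON" };

  if (parts.length === 3) {
    // JWS: header.payload.signature -- this is what an RS256 verifier expects.
    return { kind: "JWS", alg: header.alg, kid: header.kid };
  }
  if (parts.length === 5) {
    // JWE: header.encrypted_key.iv.ciphertext.tag
    // With alg "dir" the shared key is used directly, so encrypted_key is empty
    // and the token shows two consecutive dots after the header.
    const emptyKeySegment = parts[1] === "";
    return {
      kind: "JWE",
      alg: header.alg,
      enc: header.enc,
      emptyKeySegment,
      consistent: (header.alg === "dir") === emptyKeySegment,
    };
  }
  return { kind: "invalid", reason: `unexpected segment count ${parts.length}` };
}

// Constructed sample tokens (placeholder bytes, not real ciphertext or signatures).
const b64url = (s) =>
  Buffer.from(s).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE_JWE = [
  b64url(JSON.stringify({ alg: "dir", enc: "A256GCM", iss: "https://xyz.auth0.com/" })),
  "", b64url("constructed-iv"), b64url("constructed-ciphertext"), b64url("constructed-tag"),
].join(".");
const SAMPLE_JWS = [
  b64url(JSON.stringify({ alg: "RS256", typ: "JWT", kid: "constructed-kid" })),
  b64url(JSON.stringify({ sub: "constructed-subject" })), b64url("constructed-signature"),
].join(".");

console.log(classifyToken(SAMPLE_JWE), classifyToken(SAMPLE_JWS));
```

The authorization request above carries no `audience` parameter; Auth0 documents that an access token requested without an API audience is opaque to the client rather than a signed JWT meant for a custom API.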