Invalid access token returned by Nuxt auth0/auth0-nuxt useAuth0 composable

Get Help
,
1

Hello,

I am trying to get an access token in my Nuxt app using the auth0-nuxt SDK. I understand that it is still in beta version.

I implemented login and logout successfully, and now am trying to get an access token to include it in my API requests. The docs on Github mention that I only need to setup in my nuxt.config.ts the environment variables:

If you need to call an API on behalf of the user, you want to specify the audience parameter when registering the runtime configuration for the auth0 module. This will make the SDK request an access token for the specified audience when the user logs in.

runtimeConfig: {
  auth0: {
    domain: '<AUTH0_DOMAIN>', // is overridden by NUXT_AUTH0_DOMAIN environment variable
    clientId: '<AUTH0_CLIENT_ID>', // is overridden by NUXT_AUTH0_CLIENT_ID environment variable
    clientSecret: '<AUTH0_CLIENT_SECRET>', // is overridden by NUXT_AUTH0_CLIENT_SECRET environment variable
    sessionSecret: '<SESSION_SECRET>', // is overridden by NUXT_AUTH0_SESSION_SECRET environment variable
    appBaseUrl: '<APP_BASE_URL>', // is overridden by NUXT_AUTH0_APP_BASE_URL environment variable
    audience: '<AUTH0_AUDIENCE>', // is overridden by NUXT_AUTH0_AUDIENCE environment variable
  },
}

Retrieving the token can be achieved by using getAccessToken using the server-side composable useAuth0:

const auth0Client = useAuth0(event);
const accessTokenResult = await auth0Client.getAccessToken();
// You can now use `accessTokenResult.accessToken`

Which I did. For testing purposes only, I return my access token and the audience to the client side (since the composable is a server-side composable) for verification. The audience looks correct, it matches the one I have configured, which makes me assume it is getting sent in the request to get a token.

The token is retrieved successfully after the user logs in, as well as the audience (which is my API’s identifier). However, the returned token is not a valid JWT token. It seems like it’s returning a JWE token. I checked my API settings, and JWE is turned off.

Any idea on what I could be missing here?

Thanks!