Invalid access_token

sylvaingirard · March 12, 2020, 10:09pm

Hi,

Since a couple of days I’m getting invalid access_tokens. It’s in this form 41-NESMPfNb39I7xbG0JyXiB6yDM-1Yw and I don’t seem to have changed anything that might have caused this. The that initiates authentication is an Angular SPA using code grant with the angular-auth-oidc-client package for authentication. I’m not getting any errors and the id_token looks fine.

jatinvaidya · March 12, 2020, 11:57pm

Hi @sylvaingirard,

Welcome to the community!
Do you mean to say that earlier you received JWT format access_tokens in your app, and recently started receiving opaque access_tokens?

Also, what makes you say those access_tokens are “invalid” (especially since you are not getting any errors)? Auth0 Authorization Server returns a JWT format access_token only when you specify an audience=my-custom-api-identifier parameter in your authorization request. Otherwise an opaque access_token is returned which is only good for use on your tenant’s /userinfo endpoint.

sylvaingirard · March 13, 2020, 7:26am

Hi,

Sorry for being a bit unclear. I actually meant that it’s not a valid JWT token. Adding the audience to the token request seems to be going wrong indeed, which was also the case some time ago.

Thanks for the pointer.

system · March 28, 2020, 7:26am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Invalid access token Help identifier-first , login-experience	4	1635	April 7, 2023
Authentication with SPA and API Help jwt , auth0	2	4041	September 17, 2020
Why my Api cannot validate access_token sent by my Angular app Help auth0	4	1632	June 16, 2022
JWT access token invalid Help access-token , jwt-validation , invalid , access , resource-owner-passw	2	5652	July 25, 2019
Generated JWT token is invalid Help management-api , keys	2	3576	January 23, 2023

Invalid access_token

Related Topics