Invalid access_token


For a couple of days I’ve been getting invalid access_tokens. They’re in this form: 41-NESMPfNb39I7xbG0JyXiB6yDM-1Yw, and I don’t seem to have changed anything that might have caused this. The app that initiates authentication is an Angular SPA using code grant with the angular-auth-oidc-client package for authentication. I’m not getting any errors and the id_token looks fine.

Hi @sylvaingirard,

Welcome to the community!
Do you mean to say that earlier you received JWT format access_tokens in your app, and recently started receiving opaque access_tokens?

Also, what makes you say those access_tokens are “invalid” (especially since you are not getting any errors)? Auth0 Authorization Server returns a JWT format access_token only when you specify an audience=my-custom-api-identifier parameter in your authorization request. Otherwise an opaque access_token is returned which is only good for use on your tenant’s /userinfo endpoint.
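
The check described in the reply above, as an added example that is not part of any post in this thread and is not Auth0 or angular-auth-oidc-client code: it classifies an access token as JWT-shaped or opaque and reports whether the authorization request carried an `audience` parameter. The function names, the `tenant.example` host and the sample tokens are constructed assumptions, and nothing here verifies a signature.

```javascript
// Added diagnostic sketch; all names and sample values are constructed.
const API_AUDIENCE = "my-custom-api-identifier"; // identifier used in the reply above

// Decode one base64url JWT segment into a JSON object.
function b64urlToJson(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Structural classification only: the API must still verify signature, iss and exp.
function classifyAccessToken(token) {
  const parts = token.split(".");
  if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) {
    return { kind: "opaque", aud: [] };
  }
  try {
    const header = b64urlToJson(parts[0]);
    const payload = b64urlToJson(parts[1]);
    if (typeof header.alg !== "string") return { kind: "opaque", aud: [] };
    return { kind: "jwt", aud: [].concat(payload.aud ?? []) }; // aud may be string or array
  } catch {
    return { kind: "opaque", aud: [] }; // segments were not base64url-encoded JSON
  }
}

// Compare what the SPA sent on the authorization request with the token it got back.
function diagnose(authorizeUrl, accessToken, expectedAudience = API_AUDIENCE) {
  const sent = new URL(authorizeUrl).searchParams.get("audience");
  const token = classifyAccessToken(accessToken);
  if (token.kind === "jwt") {
    return token.aud.includes(expectedAudience) ? "ok" : "JWT issued for a different audience";
  }
  return sent === null
    ? "opaque token: no audience parameter in the authorization request"
    : "opaque token even though audience=" + sent + " was sent";
}

// Constructed, unsigned JWT-shaped sample (the signature segment is a dummy value).
function makeSampleJwt(claims) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return enc({ alg: "RS256", typ: "JWT" }) + "." + enc(claims) + ".c2ln";
}
```

Feed `diagnose` the authorization request URL copied from the browser's network tab and the access_token the SPA received.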


Sorry for being a bit unclear. I actually meant that it’s not a valid JWT token. Adding the audience to the token request seems to be going wrong indeed, which was also the case some time ago.

Thanks for the pointer.
