"invalid credentials" calling userinfo

Hello
I’m trying to call the userinfo API by passing an access token via Bearer as shown in the screen.


The token is obtained via a SPA application using angular-oauth2-oidc, setting the audience like this:

export const authConfig: AuthConfig = {
  strictDiscoveryDocumentValidation: false,
  issuer: environment.auth0Issuer,
  redirectUri: window.location.origin + '/auth',
  clientId: environment.auth0ClientId,
  scope: 'openid profile email',
  silentRefreshRedirectUri: window.location.origin + '/silent-refresh.html',
  timeoutFactor: 0.5,
  waitForTokenInMsec: 0,
  customQueryParams: { audience: environment.auth0Audience }
};

I decoded the token via jwt.io and I see that the aud parameter is set to the ClientID and not to the Audience parameter. Is that normal?

Is it possible that the userinfo API problem is due to this?

Thanks

Hi @marco.maroni,

Welcome to the Community!

If you haven’t seen it already, we have a js SDK that simplifies things quite a bit. Here is an implementation with Angular.

For your setup, what is the audience in the token? Can you DM me the token so I can take a look?

Thanks,
Dan

Hi Dan
I have seen the js SDK, but we’re integrating the auth0 authentication into a pre-existing project that uses the “@auth0/angular-jwt” and “angular-oauth2-oidc” libraries for the standard oauth flow.

The audience in the code above is set like this

auth0Audience: ‘http://time.api

Attached here you can find the access token obtained during the authentication flow: token.txt (1.3 KB)

Thanks

Hmmm yes that is not correct, it shouldn’t be the client id, it should be the API identifier.

Can you DM me a HAR of the request?

Figured this one out via DM.

The id token was being inspected rather than the access token.
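
The mix-up resolved above can be caught by checking the `aud` claim before reasoning about a token. The following Node.js code is an added example, not code from the thread: it classifies a decoded JWT as an ID token (audience is the client ID) or an API access token (audience contains the API identifier). The client ID, API identifier, tenant URL and both tokens are constructed placeholders, and nothing here verifies a signature.

```javascript
// Added example, not code from the thread. Tokens below are constructed and
// carry a placeholder signature; decoding is for inspection only.

const toB64Url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Return the JWT payload as an object, or null for opaque/malformed tokens.
function decodePayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch {
    return null;
  }
}

// Classify by `aud`: an OIDC ID token is addressed to the client, while an
// API access token is addressed to the API identifier. `aud` may be a string
// or an array, so normalise it to an array first.
function classifyToken(token, { clientId, apiAudience }) {
  const claims = decodePayload(token);
  if (claims === null) return 'not-a-jwt';
  const aud = [].concat(claims.aud === undefined ? [] : claims.aud);
  if (aud.includes(apiAudience)) return 'access-token';
  if (aud.includes(clientId)) return 'id-token';
  return 'unknown';
}

// Constructed sample values (hypothetical tenant, client and API).
const cfg = { clientId: 'EXAMPLE_CLIENT_ID', apiAudience: 'https://api.example.test' };
const header = toB64Url({ alg: 'RS256', typ: 'JWT' });
const idToken = [header, toB64Url({
  iss: 'https://tenant.example.test/', sub: 'user|1', aud: cfg.clientId, nonce: 'n-1',
}), 'sig'].join('.');
const accessToken = [header, toB64Url({
  iss: 'https://tenant.example.test/', sub: 'user|1',
  aud: [cfg.apiAudience, 'https://tenant.example.test/userinfo'],
  scope: 'openid profile email',
}), 'sig'].join('.');

console.log(classifyToken(idToken, cfg));
console.log(classifyToken(accessToken, cfg));
```
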
