
Invalid token error: illegal padding error 0D0E20DD


#1

Hi

It’s been a while since I worked on this project of mine, but when I picked it back up and had updated the out-of-date npm packages, authorization no longer worked between my (React) client and (Node) api. I get this error:

error: {
  "name": "UnauthorizedError",
  "message": "error:0D0E20DD:asn1 encoding routines:c2i_ibuf:illegal padding",
  "code": "invalid_token",
  "status": 401,
  "inner": {
    "opensslErrorStack": [
      "error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib",
      "error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error",
      "error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error"
    ]
  }
}

My auth flow is that the client handles logging in with auth0/Lock using the Implicit Grant flow described in Auth0’s tutorials. The token is sent with each request to the api in the Authorization: Bearer header and validated. It’s here in the api validation that it fails and throws the error above. I’ve checked that nonce and other values are correct during the auth flow on the client.

This used to work fine but then suddenly didn’t some weeks of inactivity later. It’s probably some api change or package update I’ve not migrated to but I can’t find anything obvious. Any ideas?


#2

Posted this issue on github/express-jwt which is also owned by Auth0: https://github.com/auth0/node-jsonwebtoken/issues/510

As mentioned there, this error occurs when jwt.verify is called.
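
Added example, not part of either post and not code from jsonwebtoken or express-jwt: the OpenSSL stack quoted in the first post names PEM and ASN.1 routines, which run when PEM key material is decoded, so one useful check before calling jwt.verify is whether the verification key itself parses. The helper name `checkVerificationKey` is hypothetical and the sample keys are constructed.

```javascript
const crypto = require("node:crypto");

// Hypothetical helper (not part of jsonwebtoken or express-jwt): reports the
// stage at which a PEM public key or certificate stops being decodable.
function checkVerificationKey(pem) {
  const text = String(pem).trim();
  const m = /^-----BEGIN ([A-Z0-9 ]+)-----\r?\n([\s\S]*?)\r?\n-----END \1-----$/.exec(text);
  if (!m) {
    // e.g. literal "\n" sequences from an env var, or a stripped header/footer
    return { ok: false, stage: "armor", detail: "missing or mismatched BEGIN/END lines" };
  }
  const body = m[2].replace(/\s+/g, "");
  if (body.length % 4 !== 0 || !/^[A-Za-z0-9+\/]+={0,2}$/.test(body)) {
    return { ok: false, stage: "base64", detail: "body is not valid base64" };
  }
  try {
    // createPublicKey accepts PEM public keys and X.509 certificates.
    const key = crypto.createPublicKey(text);
    return { ok: true, stage: "parsed", label: m[1], type: key.asymmetricKeyType };
  } catch (err) {
    // OpenSSL PEM/ASN.1 decoding errors surface here, before any token is read.
    return { ok: false, stage: "asn1", detail: err.message };
  }
}

// Constructed sample inputs: a throwaway RSA key and three damaged copies of it.
const { publicKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const goodPem = publicKey.export({ type: "spki", format: "pem" });
const der = publicKey.export({ type: "spki", format: "der" });
const wrap = (buf) =>
  "-----BEGIN PUBLIC KEY-----\n" +
  buf.toString("base64").match(/.{1,64}/g).join("\n") +
  "\n-----END PUBLIC KEY-----\n";
const samples = {
  good: goodPem,
  escapedNewlines: goodPem.trim().replace(/\n/g, "\\n"), // one line, no real breaks
  badBase64: goodPem.replace("MII", "M*I"),               // illegal character in body
  truncatedDer: wrap(der.subarray(0, der.length - 16)),   // valid base64, broken ASN.1
};

for (const [name, pem] of Object.entries(samples)) {
  const r = checkVerificationKey(pem);
  console.log(name.padEnd(16), r.ok ? `ok (${r.type})` : `${r.stage}: ${r.detail}`);
}
```

A result of `asn1` means the key bytes themselves are malformed, so the place to look is wherever the PEM is stored or generated rather than the token or the client login flow.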