"invalid token" for E2E test connection

Hi all! My app uses Google OAuth and we’re in the process of implementing End-to-end testing.

I’ve followed the guide on E2E testing with Cypress and Auth0, which included creating a new connection for password-based login.

When Cypress does the POST request to https://XXX.auth0.com/oauth/token, I can get a token successfully. However, I am having a problem with this token. When trying to validate it, I get this error:

  "message": "Could not verify JWT: invalid signature",

In order to verify() the token, I’m using the certificate from my App.

I’m left assuming the token generated from Google OAuth is using the App Certificate, but the token generated using my Password Connection (for E2E) is using a different certificate. Or maybe I’m wrong.

Thoughts?

Thanks in advance!

RESOLUTION

Tokens from Google OAuth logins should be verified against your tenant’s public key, but Password-based logins need to be verified against your client secret. If you’re using the library jsonwebtoken, it’s just a matter of replacing verify(token, PUB_CERT) with verify(token, CLIENT_SECRET).

Hope this helps you, as I couldn’t find the answer or get support anywhere.

G