"invalid token" for E2E test connection

gunar · August 27, 2019, 7:26pm

Hi all! My app uses Google OAuth and we’re in the process of implementing End-to-end testing.

I’ve followed the guide on E2E testing with Cypress and Auth0, which included creating a new connection, for password-based login.

When cypress does the POST request to https://XXX.auth0.com/oauth/token, I can get a token successfully. However, I am a problem with this token. When trying to validate it, I get this error

  "message": "Could not verify JWT: invalid signature",

In order to verify() the token, I’m using the certificate from my App.

I’m left assuming the token generated from Google OAuth is using the App Certificate, but the token generated using my Password Connection (for E2E) is using a different certificate. Or maybe I’m wrong.

Thoughts?

Thanks in advance!

gunar · August 28, 2019, 5:10pm

RESOLUTION

Tokens from Google OAuth logins should be verified against your tenant’s public key, but Password-based logins need to be verified against your client secret. If you’re using the library jsonwebtoken, it’s just a matter of replacing verify(token, PUB_CERT) with verify(token, CLIENT_SECRET).

Hope this helps you, as I couldn’t find the answer nor get support anywhere.

G

Topic		Replies	Views
Issue with Google connection using Auth0 Help google , oauth2	4	5581	November 22, 2018
/api/v2/oauth/token Authentication problems Help	8	2372	July 30, 2022
Testing a full-stack app with Cypress.io Help auth0 , javascript , testing , nestjs	1	3408	November 30, 2021
Invalid token - login via cypress Help	1	5079	December 28, 2019
Jwt.verify fails although token and key work in the JWT.io debugger JWT.io auth0 , lambda	2	7127	October 14, 2018

"invalid token" for E2E test connection

Related topics