I am using Auth0 with Flutter. I just downloaded the sample and changed the schema to demo,
so the callback URL is
demo://ekitabu.eu.auth0.com/android/com.auth0.sample/callback
I am using an audience from an API that I created in the App that uses the RS256 encryption algorithm.
I was able to log in and log out using the sample App,
but if I take the token to the JWT.io site, it always gives me an invalid signature.
The problem is that this App will communicate with another web app, so when I send the token to it, it says that the token has an invalid signature. If I take the token from the website header to JWT.io, it can validate the signature there, so there is something wrong with the Flutter sample that generates an invalid signature.
Can anyone point me to where to look, and tell me if I need to provide more information for some help?
Thanks for the reply. I already have an audience in the system, and I am getting the correct token. When I try to validate the token on jwt.io, the site lists the correct data and values, but it still says that the token has an invalid signature. I made sure that the algorithm being used is RS256 in both the API (used as the audience) and the project that I got the client ID from.
The weird thing is that we used the App and API to configure a Kotlin project and we got a valid token.
Sounds silly, but it might be worth just deleting/re-downloading the sample and starting from scratch. Unfortunately, it seems like there could be a misconfiguration somewhere in the sample app specifically, given the client ID and API identifier are working elsewhere.
Thanks for the reply. I have confirmed something: when I use the default audience, I get a valid token with minimum info in the audience, but when I try using any of my API identifiers as the audience to get a more meaningful JWT token, the token becomes invalid.
Is there any relation between the App and the audience? What I understand is that if multiple apps want to use the same token, like a mobile app and a web app connected to the same backend, then I will have two Apps (native and web), but they are connected to the same API (audience), and this is what I am trying to achieve.
Thanks for the help. It really was a silly problem, but it took me more than 3 days and the support from Auth0 to figure it out.
It is a limitation of Flutter: the print function only prints up to 1024 characters, so when I use a simple audience and the token is small, it will be valid because the print function will print the full token. But when I use a more complicated audience to include more data, the token becomes more than 1024 characters and the print function will truncate it without saying anything, so the token becomes invalid.
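
The truncation described in the last post can be spotted from the token's shape alone, before it is pasted into a validator. The Dart below is an added example, not code from the Auth0 sample or from any poster; `chunks` and `truncationProblem` are hypothetical helpers, the 800-character chunk size and the 2048-bit RSA key (256-byte signature) are assumptions, and the token is constructed.

```dart
import 'dart:convert';

/// Splits [text] into pieces no longer than [size] (assumed value) so each
/// print() call stays under the console limit described in the thread.
List<String> chunks(String text, {int size = 800}) => [
      for (var i = 0; i < text.length; i += size)
        text.substring(i, i + size > text.length ? text.length : i + size),
    ];

/// Returns why [token] looks truncated or malformed, or null when its shape
/// is consistent with a complete RS256 JWT. Shape check only: it does not
/// verify the signature. Assumption: 2048-bit RSA key, 256-byte signature.
String? truncationProblem(String token, {int signatureBytes = 256}) {
  final parts = token.split('.');
  if (parts.length != 3) return 'expected 3 segments, got ${parts.length}';
  try {
    List<int> dec(String s) => base64Url.decode(base64Url.normalize(s));
    final header = jsonDecode(utf8.decode(dec(parts[0])));
    jsonDecode(utf8.decode(dec(parts[1]))); // payload must be complete JSON
    if (header is! Map) return 'header is not a JSON object';
    final sig = dec(parts[2]);
    if (header['alg'] == 'RS256' && sig.length != signatureBytes) {
      return 'signature is ${sig.length} bytes, expected $signatureBytes';
    }
  } on FormatException catch (e) {
    return 'segment does not decode: ${e.message}';
  }
  return null;
}

void main() {
  // Constructed token: placeholder claims and an all-zero 256-byte "signature".
  String enc(List<int> b) => base64Url.encode(b).replaceAll('=', '');
  final header = enc(utf8.encode('{"alg":"RS256","typ":"JWT"}'));
  final payload = enc(utf8.encode(jsonEncode({'scope': 'x' * 700})));
  final token = '$header.$payload.${enc(List.filled(256, 0))}';

  print('length=${token.length} problem=${truncationProblem(token)}');
  final cut = token.substring(0, 1024); // what a 1024-character cap leaves
  print('length=${cut.length} problem=${truncationProblem(cut)}');

  // Print the full token in pieces when it has to be copied out of the log.
  chunks(token).forEach(print);
}
```

The constructed token is 1330 characters long; cut to 1024 characters it still has three segments, but the signature decodes to 27 bytes instead of 256, which is the case the check reports.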