I’m trying to use a custom social connection to allow an EHR user to authenticate with my (SPA) application through a confidential client SMART launch. In my testing, I’ve had success with the SMART launch from the SMART Health IT Launcher (both confidential symmetric and confidential asymmetric).
However, when I attempt to do the same from an Epic SMART launcher, I find that Auth0 is able to get a code from the EHR’s authorize endpoint but after hitting Auth0’s /authorize/resume endpoint, I see that my app’s /callback is hit with error: invalid_request and Invalid token: invalid algorithm.
Any thoughts on how to proceed from here? I didn’t find the failed login event to be particularly useful. I’m not sure what token it’s talking about or whether it’s Auth0 or the EHR that has a problem with it.
What are you seeing in the token? If you can find it in your requests, you can use jwt.io to decode it. Also, what token is causing the error? The one issued by Auth0?
I actually figured it out a few minutes ago! The problem was in my Fetch User Profile Script - I actually was getting a token but I was trying to use it to access the wrong server. The error must have come from that server.
As a feature request that would have made debugging this easier - from the logs I could tell that the connection’s /authorize endpoint came back with a code but I had no idea how much further Auth0 was able to get - there was no indication that Auth0 was able to get a token from the connection’s /token endpoint or that it ran the Fetch User Profile Script.