InvalidTokenError: Invalid Compact JWS

thisisdjfresh · May 10, 2023, 10:53am

Hi there, ive followed the docs and have set this up previously but struggling with this:

Im using auth0 on my front end and backend, but there seems to be a problem, im getting this error: InvalidTokenError: Invalid Compact JWS

node_modules/express-oauth2-jwt-bearer/dist/index.js:403:24 {
status: 401,
statusCode: 401,
headers: {
‘WWW-Authenticate’: ‘Bearer realm=“api”, error=“invalid_token”, error_description=“Invalid Compact JWS”’
},
code: ‘invalid_token’
}

Here is the api check: const jwtCheck = auth({
audience: ‘h t t p s://myurl.com’,
issuerBaseURL: ‘https://me.eu.auth0.com/’,
tokenSigningAlg: ‘RS256’,
});

auth provider in index.js <Auth0Provider
domain=“me.eu.auth0.com”
clientId={{MY CLIENT ID}}
redirectUri={window.location.origin}
audience=“h t t p s://myurl.com”
>

And the front end getting the token and making the request const authLink = setContext(async (_, { headers }) => {
const token = await getAccessTokenSilently();
return {
headers: {
…headers,
Authorization: Bearer ${token},
},
};
});

const client = new ApolloClient({
link: authLink.concat(httpLink),
cache: new InMemoryCache(),
});

The token im sending is identical to the one the API is recieving

Can anyone please help?

thisisdjfresh · May 10, 2023, 12:56pm

To add to this it appears that the access token is a JWE not a JWT token though there is nowhere i can set this and i havent changed any oauth settings so this should i believe default to JWT?

ramandeep · December 12, 2023, 5:22pm

Did you manage to resolve this issue, I’m experiencing something similar.

nik.baleca · February 17, 2025, 9:43pm

Hi @thisisdjfresh

Welcome to the Auth- Community!

I am sorry about the late reply to your inquiry.

When you login to Auth0 and don’t specify an audience, you will get an opaque access token. It looks like a regular JWT, but actually it’s a self contained encrypted JWT. The only way to validate an opaque token is to call the server that issued the token, in this case the /userinfo endpoint.

In order to get an JWT. You need to create a custom api. Then use this as the audience in your react app to login:

<Auth0Provider
      domain="YOUR_AUTH0_DOMAIN"
      clientId="YOUR_AUTH0_CLIENT_ID"
      redirectUri={window.location.origin}
      audience="YOUR_API_IDENTIFIER"

This will provide you a JWT when you call the getAccessTokenSilently() method.

Then you can specify the same API as the audience in your api:

const jwtCheck = auth({
  issuerBaseURL: "https://<DOMAIN>", 
  audience: "YOUR_API_IDENTIFIER",
});

Hope this is helpful to the issue that you were facing.

If you have any other questions, feel free to leave a reply or post again on the community!

Kind Regards,
Nik

Topic		Replies	Views
Generated JWT token is invalid Get Help management-api , keys	2	3829	January 23, 2023
How to validate token from login from authorization flow Get Help jwt , auth0	8	3346	December 9, 2024
Why is my access token an invalid format? Get Help apis , application	6	5190	January 13, 2024
Audience yes, no, why? Get Help jwt , access-token , opaque-tokens	7	6171	March 27, 2021
Unable to verify token in API (seams like a JWE and not a JWT) Get Help apis , application	2	110	November 28, 2025

InvalidTokenError: Invalid Compact JWS

Related topics