JWT and JWE tokens

bbordine · February 12, 2024, 1:40pm

My React.js frontend is still sending JWE tokens back to my C# backend despite having set the correct audience and following all documentation and posts I have been able to find on this board.

Update: I went through my auth0 logs and it says everything is working properly. I am authenticating and then authorizing, but the token being sent is still a JWE. This is where I am calling the audience. Am i doing it wrong?

builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
    options.Authority = "MyAuthority";
    options.Audience = "MyAudience";

    options.Events = new JwtBearerEvents
    {
        OnMessageReceived = context =>
    {
        var authorizationHeader = context.Request.Headers.Authorization.FirstOrDefault();
        Log.Information("Authorization Header: {AuthorizationHeader}", authorizationHeader);
        return Task.CompletedTask;
    },
        OnTokenValidated = context =>
        {
            Log.Information("Token validated: {Token}", context.SecurityToken);
            return Task.CompletedTask;
        },
        OnAuthenticationFailed = context =>
        {
            Log.Error("Authentication failed: {Exception}", context.Exception);
            return Task.CompletedTask;
        },
        OnChallenge = context =>
        {
            Log.Warning("A challenge occurred: {Error}", context.Error);
            return Task.CompletedTask;
        }
    };
});

[HttpGet("Endpoint")]
        [Authorize]
        public ActionResult<List<Dictionary<string, object>>> GetEndpoint()
        {
            List<Dictionary<string, object>> result = Service.GetEndpoint();
            return Ok(result);
        }

tyf · February 12, 2024, 11:10pm

Hey there @bbordine welcome to the community!

I assume you mean opaque token as opposed to JWE - Are you unable to decode an example access token at jwt.io? On the React side of things, are you including the audience in Authorization Params as shown here?

bbordine · February 13, 2024, 12:50pm

I thought I was! But I was not doing it correctly. I was doing this:

const token = await getAccessTokenSilently({
        audience: MyAudience'
      });

but I fixed it and now it’s working. Thank you!

tyf · February 13, 2024, 4:09pm

That’s great thanks for confirming!

system · February 27, 2024, 4:09pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.