
JWT authenticate was once working on my NodeJS api, now returning a 401 error


The following is the error I receive when making an API call to my Node JS server:
401 - {"statusCode":401,"error":"Unauthorized","message":"Expired token received for JSON Web Token validation","attributes":{"error":"Expired token received for JSON Web Token validation"}}

I used several valid access tokens from Auth0 Management API (Test and Application Explorer tab), none of which work. I also tried using access tokens retrieved from “https://[CLIENT]” but the same error message is returned. The weird thing is, this was working just fine yesterday.

Please help me out; thanks in advance!


Also, if it helps, every time I go here:, I have to set my API token again, even though I have already set it. It doesn’t seem to save.


@dtr3 the API explorer will not persist your tokens. This is by design to help prevent those tokens from being leaked. As far as the error message goes, I might need some more details. All JWTs expire. The access_token's expiration is defined in the API settings for which the token was issued. So after a given interval those tokens will expire. It is unclear from the comments above, but it seems you may have issued the token yesterday and tried reusing it today. Can you share the decoded payload of the JWT?


{
  "iss": "https://[CLIENT]",
  "sub": "HC305sIL6C2onn8oSCLiE01VIrlbJx33@clients",
  "aud": "https://[CLIENT]",
  "iat": 1526613405,
  "exp": 1526699805,
  "azp": "HC305sIL6C2onn8oSCLiE01VIrlbJx33",
  "scope": "read:client_grants create:client_grants delete:client_grants update:client_grants read:users update:users delete:users create:users read:users_app_metadata update:users_app_metadata delete:users_app_metadata create:users_app_metadata create:user_tickets read:clients update:clients delete:clients create:clients read:client_keys update:client_keys delete:client_keys create:client_keys read:connections update:connections delete:connections create:connections read:resource_servers update:resource_servers delete:resource_servers create:resource_servers read:device_credentials update:device_credentials delete:device_credentials create:device_credentials read:rules update:rules delete:rules create:rules read:rules_configs update:rules_configs delete:rules_configs read:email_provider update:email_provider delete:email_provider create:email_provider blacklist:tokens read:stats read:tenant_settings update:tenant_settings read:logs read:shields create:shields delete:shields update:triggers read:triggers read:grants delete:grants read:guardian_factors update:guardian_factors read:guardian_enrollments delete:guardian_enrollments create:guardian_enrollment_tickets read:user_idp_tokens create:passwords_checking_job delete:passwords_checking_job read:custom_domains delete:custom_domains create:custom_domains read:email_templates create:email_templates update:email_templates",
  "gty": "client-credentials"
}