JWT malformed even though it's correct in the request

I am trying to set up a backend and use an expressJwt middleware but keep getting the error “jwt malformed”, even though, as you can see in my screenshot, my token format is correct with “Bearer [token]”.

This is running on a simple express.js server and I am getting the error “UnauthorizedError: jwt malformed”.


import dotenv from 'dotenv';
import express from 'express';
import authRouter from './api/auth';
import { expressjwt, GetVerificationKey } from 'express-jwt';
import jwksRsa  from 'jwks-rsa';

dotenv.config();

const app = express();

app.use(express.json());

app.use(
  expressjwt({
    secret: jwksRsa.expressJwtSecret({
      jwksUri: `https://${process.env.AUTH0_DOMAIN}/.well-known/jwks.json`, // JWKS URL from Auth0
    }) as GetVerificationKey,
    algorithms: ['RS256'],
    audience: process.env.AUTH0_AUDIENCE, 
    issuer: `https://${process.env.AUTH0_DOMAIN}/`,
  }).unless({ path: ['/login', '/signup'] })
);

app.use('/auth', authRouter);

// Define the port
const PORT = process.env.PORT || 3000;

// Start the server
app.listen(PORT, () => {
  console.log(`Server running on port ${PORT}`);
});

Hi @jakebball11,

Welcome to the Auth0 Community!

Can you provide the value of your audience parameter?

Best,

Mary Beth

As you can see, the audience is the correct API.

I am not sure if this is useful, but passing my access token into jwt.io says it's an invalid signature. Is that usual? I am not sure, since I don't know if access tokens are meant to be valid JWTs.

Hi @jakebball11,

Thanks for the additional information!

I see that you are using the Management API as your audience value. Can you create an API in your Auth0 Dashboard following these steps? Additionally, please see this Express guide: Auth0 Node (Express) API SDK Quickstarts: Authorization

Let me know how that goes!

Thanks,

Mary Beth
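
Added example (not part of the thread, and not Auth0's or express-jwt's code): a structural pre-check for the Authorization header that decodes the token's header and payload without verifying the signature, so you can see whether the value is a three-segment signed JWT and whether its alg, aud and iss match what the middleware is configured with. The `inspectBearer` helper, the expected-values object and the sample token are assumptions constructed for illustration.

```javascript
// Added example: structural pre-check of an Authorization header (no signature verification).
// inspectBearer, the field names and the sample values below are constructed for illustration.

// Decode one base64url segment and parse it as JSON.
function b64urlJson(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function inspectBearer(headerValue, expected) {
  const problems = [];
  // Exactly one space after "Bearer" and no whitespace inside or after the token.
  const match = /^Bearer ([^\s]+)$/.exec(headerValue || '');
  if (!match) return { ok: false, problems: ['header is not "Bearer <token>"'] };

  // A signed JWT in compact form is header.payload.signature.
  const parts = match[1].split('.');
  if (parts.length !== 3) {
    return { ok: false, problems: [`token has ${parts.length} segment(s), a signed JWT has 3`] };
  }

  let header, payload;
  try {
    header = b64urlJson(parts[0]);
    payload = b64urlJson(parts[1]);
  } catch (err) {
    return { ok: false, problems: ['header or payload is not base64url-encoded JSON'] };
  }

  // Compare the unverified claims with the values the middleware is configured to require.
  const aud = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  if (header.alg !== expected.algorithm) problems.push(`alg is ${header.alg}, expected ${expected.algorithm}`);
  if (!aud.includes(expected.audience)) problems.push(`aud ${JSON.stringify(payload.aud)} lacks ${expected.audience}`);
  if (payload.iss !== expected.issuer) problems.push(`iss is ${payload.iss}, expected ${expected.issuer}`);
  return { ok: problems.length === 0, problems, header, payload };
}

// Constructed sample token: dummy signature, placeholder tenant and API identifier.
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sampleToken = [
  enc({ alg: 'RS256', typ: 'JWT', kid: 'example-kid' }),
  enc({ iss: 'https://tenant.example/', aud: 'https://api.example/', sub: 'user|1' }),
  'c2ln',
].join('.');
const expected = { algorithm: 'RS256', audience: 'https://api.example/', issuer: 'https://tenant.example/' };

console.log(inspectBearer(`Bearer ${sampleToken}`, expected).problems);
```

The decoded claims are untrusted until the middleware has verified the signature; use this only to diagnose why a token is rejected, never to authorize a request.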