I’m sending my access token in the Authorization header to a POST on an Express server, but the JWT check is failing with ‘UnauthorizedError: jwt malformed’.
The accessToken I’m using is returned as 32 characters long.
For the JWT check I’m using the below:
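```js
const jwt = require('express-jwt');
const jwks = require('jwks-rsa');

const authCheck = jwt({
  // Fetch the RS256 signing key from the tenant's JWKS endpoint
  secret: jwks.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: 'https://NAME.auth0.com/.well-known/jwks.json'
  }),
  audience: 'NAME.auth0.com',
  issuer: 'https://NAME.auth0.com/',
  // express-jwt expects `algorithms` (an array)
  algorithms: ['RS256']
});
```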
The authorization appears to be logging in and out of the Auth0 account fine but the API check is failing and existing solutions don’t appear to help in this instance.
Can you console.log the access token on the server side, just for troubleshooting purposes, and check the content yourself? You can confirm whether it is a valid JWT by pasting it into the jwt.io website. It is likely an opaque access token and not a JWT. If it is opaque, then you need to provide an audience parameter while authenticating the user. Check the similar thread here: UnauthorizedError: jwt malformed in express.js
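The check suggested in the reply above (is the bearer value a JWT or an opaque string?), as an added example that is not part of the original thread. `describeBearerToken` and `b64urlJson` are hypothetical helper names, and the sample tokens are constructed; the decode does not verify the signature, so it is for diagnosis only.

```javascript
// Added example: classify a bearer token before it reaches the JWT middleware.
// Decodes WITHOUT verifying the signature: diagnostic only, never an auth decision.
function b64urlJson(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) return null;
  try {
    const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    const value = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return value && typeof value === 'object' && !Array.isArray(value) ? value : null;
  } catch (err) {
    return null; // not base64url-encoded JSON
  }
}

function describeBearerToken(authorizationHeader) {
  const match = /^Bearer\s+(\S+)$/i.exec(authorizationHeader || '');
  if (!match) return { kind: 'missing', reason: 'no "Bearer <token>" value' };
  const token = match[1];
  const parts = token.split('.');
  if (parts.length !== 3) {
    // A short random string such as a 32-character opaque token ends up here.
    return { kind: 'opaque', length: token.length,
             reason: `expected 3 dot-separated segments, found ${parts.length}` };
  }
  const header = b64urlJson(parts[0]);
  const payload = b64urlJson(parts[1]);
  if (!header || !payload || typeof header.alg !== 'string') {
    return { kind: 'opaque', length: token.length,
             reason: 'segments are not base64url JSON' };
  }
  // Return only the fields the middleware options compare against; never log the token.
  return { kind: 'jwt', alg: header.alg, kid: header.kid,
           iss: payload.iss, aud: payload.aud };
}

// Constructed sample inputs (not real tokens).
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sampleOpaque = 'Bearer ' + 'a'.repeat(32);
const sampleJwt = 'Bearer ' + [
  enc({ alg: 'RS256', typ: 'JWT', kid: 'example-kid' }),
  enc({ iss: 'https://example.invalid/', aud: 'https://api.example.invalid' }),
  'c2lnbmF0dXJlLXBsYWNlaG9sZGVy', // placeholder signature segment
].join('.');

console.log(describeBearerToken(sampleOpaque));
console.log(describeBearerToken(sampleJwt));
```

Logging the returned object instead of the raw token keeps credentials out of server logs while still showing whether `iss` and `aud` match the middleware options.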
Having the same problem. It seems like the backend is getting the refresh token, which is short and not an encoded JWT.
Do I need to disable refresh tokens so that my front end always has a complete token to send to the backend, which in turn checks it at the Auth0 API?