JWT token is "invalid signature"?

ty.frith · May 2, 2023, 2:14am

Hey again!

You’re on the right track!

My guess is that this token is missing the audience - If you do not specify an audience (aud claim) then the access token you get back will be opaque (not a jwt). That is, it cannot be decoded but can be used against the /userinfo endpoint. Some more on that here:

https://community.auth0.com/t/why-is-my-access-token-not-a-jwt-opaque-token/31028

And a helpful FAQ on audience in general:

https://community.auth0.com/t/what-is-the-audience/71414

Hope this helps!

Topic		Replies	Views
Wrong token upon getTokenSilently() Get Help	14	11970	October 19, 2019
What is your best practice guidance for a Rails API - use an opaque or JWT-based access token? Get Help	4	5569	February 19, 2021
Custom Claims in Token JWT.io auth0	4	4548	December 17, 2018
Cannot get the correct token from browser to get userinfo call Get Help management-api , users	6	814	April 23, 2024
/oauth/access_token custom claims Get Help social-connections , oidc , custom-claims , facebook , claim	7	4780	March 2, 2018

JWT token is "invalid signature"?

Related topics