I’m totally new to JWT and most auth. Right now I have a front-end which has Auth0’s universal login integrated. On callback, I obtain the auth token via auth0Client.getTokenSilently(). This token is 505 characters long, and contains a mixture of alphanumeric characters and .'s. I pass this to my…

Ah! I think I see where the confusion lies! Let me see if I can clarify :sunglasses: Firstly I’d recommend reframing your perspective. Previously in the thread (see here for details) I mentioned that Auth0 typically generates two types of token: an ID Token and an Access Token; the former intended …

JWT token is "invalid signature"?

Help

tyf May 2, 2023, 2:14am 3

Hey again!

You’re on the right track!

My guess is that this token is missing the audience - If you do not specify an audience (aud claim) then the access token you get back will be opaque (not a jwt). That is, it cannot be decoded but can be used against the /userinfo endpoint. Some more on that here:

And a helpful FAQ on audience in general:

Hope this helps!

Topic		Replies	Views
Auth0.js V9 returns invalid token altrough user info are parsed correctly Help apis , application	3	1531	January 31, 2023
Why does jwt.verify() give "invalid signature"? JWT.io	13	92712	January 22, 2019
Invalid Token in JWT.io Help auth0-android , sdks-quickstarts	7	1597	September 28, 2023
The access token issued by auth0 is invalid when verified in jwt.io Help jwt , auth0	3	7859	December 31, 2021
Invalid Signature JWT.io jwt , invalid-signature	10	2525	June 9, 2023

JWT token is "invalid signature"?

Related Topics