JWT verification from a backend API

Problem statement

We have been getting an invalid issuer when validating the JWT obtained from our front end’s API endpoints.

Symptoms

  • Getting a 401 error when trying to implement middleware to validate JWTs on the backend.
  • Changing the issuer multiple times with no success.

Cause

  • The issuer URL used for validation in the middleware was missing a slash / and the protocol.
  • The issuer URL needs to be an exact match to the keys of the JSON Web Key Set endpoint (https://YOUR_DOMAIN.us.auth0.com/.well-known/jwks.json).

Solution

We recommend that you include the required slash / and protocol on the issuer URL used to validate in your middleware.
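
A troubleshooting sketch for the mismatch described above, added here and not taken from Auth0 or from any middleware: it reads the iss claim from a token without verifying it (for diagnosis only) and reports what the configured issuer is missing. The sample token, its iss value ending in a slash, and all function names are constructed assumptions.

```python
import base64
import json


def unverified_claims(token: str) -> dict:
    """Decode the payload segment for troubleshooting only.
    No signature check happens here, so never use this to authorize a request."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose_issuer(configured: str, token: str) -> str:
    """Compare the configured issuer with the token's iss claim, character for character."""
    iss = unverified_claims(token).get("iss", "")
    if configured == iss:
        return "ok"
    problems = []
    if not configured.startswith(("https://", "http://")):
        problems.append("missing protocol")
    if iss.endswith("/") and not configured.endswith("/"):
        problems.append("missing trailing slash")
    return ", ".join(problems) or "different value"


def jwks_url(issuer: str) -> str:
    """Assumption: the key set lives at the issuer followed by .well-known/jwks.json,
    as in the URL shown on this page. A missing slash breaks this URL too."""
    return issuer + ".well-known/jwks.json"


def _b64(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample token: placeholder domain and a fake signature segment.
SAMPLE_TOKEN = ".".join([
    _b64({"alg": "RS256", "typ": "JWT"}),
    _b64({"iss": "https://YOUR_DOMAIN.us.auth0.com/"}),
    "constructed-signature",
])

if __name__ == "__main__":
    for candidate in ("YOUR_DOMAIN.us.auth0.com",
                      "https://YOUR_DOMAIN.us.auth0.com",
                      "https://YOUR_DOMAIN.us.auth0.com/"):
        print(f"{candidate!r}: {diagnose_issuer(candidate, SAMPLE_TOKEN)}")
```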