I am just starting to test using Auth0 for one of our apps. This is a noob question…
-
I have successfully configured an app and logged in a user using the /01-Login/ javascript example in the Auth0 github.
-
I tested the generated id_token on JWT.io along with the client secret, the debugger showed the signature was verified
-
However, when I pass the id_token to an AWS Lambda function, jwt.verify() gives me the error "invalid signature.’
It appears I should not be using the id_token for from an application to check for further permissions? Only the API builder in the Auth0 management console has the option to using the “signing secret” and not the “client secret.”
I was attempting to test passing in the id_token created in the /01-Login/ javascript example in the Auth0 github repo to an AWS lambda function for verification.