Make Request to Auth0 api from react native app

schoenbl · August 28, 2021, 6:09pm

I have a react native app authenticated with Auth0.

I have an API that uses react native.

When a user signs in, i take the accessToken that is given for that user, and I make request to the API with the accessToken set as the authorization header.

I do so like this:

const requestHeader = {
        headers: {
            Authorization: `Bearer ${accessToken}`,
        }
    }

axios.post(API_BASE + '/api/example/', requestHeader)

The accessToken is something short like this: aBQdd0kOvb1pNj-9XDj_C6bKWkMg9D_q

When I try to validate the request with the API, I get this error:

UnauthorizedError: jwt malformed

I know i’m getting this error because the access token isn’t a JWT.

I’m validating in the API like this:

exports.checkJwt = jwt({
    secret: jwksRsa.expressJwtSecret({
        cache: true,
        rateLimit: true,
        jwksRequestsPerMinute: 5,
        jwksUri: 'https://dev-0p1doq9r.auth0.com/.well-known/jwks.json'
  }),
  audience: 'ddasdsfasdfasd',
  issuer: 'safsdfasdfasdfafsdf',
  algorithms: ['RS256']
});

I know that accessToken needs to be transformed into a JWT on the client, BUT HOW? I have not found any documentation for this; I have also not found what other properties need to be included in the JWT for validation.

dan.woda · August 30, 2021, 9:17pm

Hi @schoenbl,

Welcome back to the Auth0 Community!

Take a look at this resource:

schoenbl · August 31, 2021, 6:05am

Hi Dan! Thanks for your response! That doesn’t seem to be working for me.

This is how I’m using the Auht0 constructor from the React Native Auth0 SDK:

import Auth0 from 'react-native-auth0';
const auth0 = new Auth0({
    audience: "https://api.thepodapp.com",
    domain: 'dev-0p1doq9r.auth0.com',
    clientId: 'LOfg18i9rCofQQadginNQVlDz8zF7PXI',
});

export const signInAsync = (callback) => {
    auth0
        .webAuth
        .authorize({scope: 'openid profile email'})
        .then(credentials => callback(credentials))
        .catch(err =>  callback(null, err))
}

When I do that, I still receive and opaque token. Should I be receiving a JWT when I do this?

dan.woda · August 31, 2021, 3:09pm

Have you registered an API in the Auth0 dashboard that corresponds with that audience?

E.G.:

schoenbl · September 3, 2021, 4:58am

Hi Dan, thanks for the response. I really appreciate your help.

Yes, I have made the corresponding API in the Auth0 dashboard:

Any other ideas on what the issue might be?

dan.woda · September 3, 2021, 4:35pm

Can you try passing the audience param to your authorize method?

authorize( {
  ...,
  audience:"https://test-api"
} )

schoenbl · September 5, 2021, 6:30pm

This worked! Thank you! Should the documentation be updated?

dan.woda · September 8, 2021, 5:12pm

It sounds like that would be helpful. I can’t find any references to passing the audience when you create the Auth0 object, did you see that recommended somewhere? I’d like to recommend an update.

system · September 23, 2021, 5:13pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.