Missing a alg header

I am on day three working with auth0 and jwt and php. After combing through the documentation and samples, I have the beginnings of a validator. After new SdkConfiguration and new Auth0, the decode command fails with “missing a alg header”, though jwt.io shows “alg, typ, kid” in the header.

“failed to decode/validate token: Auth0\SDK\Exception\InvalidTokenException: Provided token is missing a alg header in C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Exception\InvalidTokenException.php:237
Stack trace:
#0 C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Token\Verifier.php(65): Auth0\SDK\Exception\InvalidTokenException::missingAlgHeader()
#1 C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Token\Verifier.php(50): Auth0\SDK\Token\Verifier->verify()
#2 C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Token\Parser.php(269): Auth0\SDK\Token\Verifier->__construct()
#3 C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Token.php(290): Auth0\SDK\Token\Parser->verify()
#4 C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Auth0.php(134): Auth0\SDK\Token->verify()
#5 C:\inetpub\wwwroot\validate.php(78): Auth0\SDK\Auth0->decode()
#6 {main}”

Did I forget to set an option?

1 Like

Hi @acampbell,

Welcome to the Auth0 Community!

It sounds like you are requesting an opaque token. See this FAQ for more info:

Please let me know if you have any questions.

Thanks for the reply, @dan.woda. I guess that I did not provide enough information. I am testing against a token received from an application at auth0. This setup will be for validating machine-to-machine traffic.

I changed to new SdkConfiguration then new Token, and the exception message changed to one about aud claim mismatch. It is expecting the application’s clientId but found an URL. I opened a support ticket with auth0.

1 Like

No problem. If you end up needing more assistance can you please share what SDK and version you are using, some code samples, and an example token with sensitive data removed.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.