Missing a alg header

acampbell · November 27, 2023, 3:30pm

I am on day three working with auth0 and jwt and php. After combing through the documentation and samples, I have the beginnings of a validator. After new SdkConfiguration and new Auth0, the decode command fails with “missing a alg header”, though jwt.io shows “alg, typ, kid” in the header.

“failed to decode/validate token: Auth0\SDK\Exception\InvalidTokenException: Provided token is missing a alg header in C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Exception\InvalidTokenException.php:237
Stack trace:
#0 C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Token\Verifier.php(65): Auth0\SDK\Exception\InvalidTokenException::missingAlgHeader()
#1 C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Token\Verifier.php(50): Auth0\SDK\Token\Verifier->verify()
#2 C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Token\Parser.php(269): Auth0\SDK\Token\Verifier->__construct()
#3 C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Token.php(290): Auth0\SDK\Token\Parser->verify()
#4 C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Auth0.php(134): Auth0\SDK\Token->verify()
#5 C:\inetpub\wwwroot\validate.php(78): Auth0\SDK\Auth0->decode()
#6 {main}”

Did I forget to set an option?

dan.woda · November 29, 2023, 8:24pm

Hi @acampbell,

Welcome to the Auth0 Community!

It sounds like you are requesting an opaque token. See this FAQ for more info:

https://community.auth0.com/t/why-is-my-access-token-not-a-jwt-opaque-token/31028

Please let me know if you have any questions.

acampbell · November 30, 2023, 7:39pm

Thanks for the reply, @dan.woda. I guess that I did not provide enough information. I am testing against a token received from an application at auth0. This setup will be for validating machine-to-machine traffic.

I changed to new SdkConfiguration then new Token, and the exception message changed to one about aud claim mismatch. It is expecting the application’s clientId but found an URL. I opened a support ticket with auth0.

dan.woda · November 30, 2023, 7:59pm

No problem. If you end up needing more assistance can you please share what SDK and version you are using, some code samples, and an example token with sensitive data removed.

Thanks

system · December 14, 2023, 7:59pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Provided token is missing a alg header Get Help apis , application	7	531	January 30, 2024
Can't Validate Token w/JWT Get Help sessions , authentication-sessions	4	2318	June 11, 2023
Unable to verify token in API (seams like a JWE and not a JWT) Get Help apis , application	2	28	November 28, 2025
Trying to validate Access token with Auth0 PHP, but I get The JWT string must contain two dots Get Help classic-universal-login-experience , login-experience	4	4964	December 16, 2022
JWT access token invalid Get Help access-token , jwt-validation , invalid , access , resource-owner-passw	2	5697	July 25, 2019

Missing a alg header

Related topics