I am on day three working with auth0 and jwt and php. After combing through the documentation and samples, I have the beginnings of a validator. After new SdkConfiguration and new Auth0, the decode command fails with “missing a alg header”, though jwt.io shows “alg, typ, kid” in the header.
“failed to decode/validate token: Auth0\SDK\Exception\InvalidTokenException: Provided token is missing a alg header in C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Exception\InvalidTokenException.php:237
Stack trace: #0 C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Token\Verifier.php(65): Auth0\SDK\Exception\InvalidTokenException::missingAlgHeader() #1 C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Token\Verifier.php(50): Auth0\SDK\Token\Verifier->verify() #2 C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Token\Parser.php(269): Auth0\SDK\Token\Verifier->__construct() #3 C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Token.php(290): Auth0\SDK\Token\Parser->verify() #4 C:\inetpub\wwwroot\vendor\auth0\auth0-php\src\Auth0.php(134): Auth0\SDK\Token->verify() #5 C:\inetpub\wwwroot\validate.php(78): Auth0\SDK\Auth0->decode() #6 {main}”
Thanks for the reply, @dan.woda. I guess that I did not provide enough information. I am testing against a token received from an application at auth0. This setup will be for validating machine-to-machine traffic.
I changed to new SdkConfiguration then new Token, and the exception message changed to one about aud claim mismatch. It is expecting the application’s clientId but found an URL. I opened a support ticket with auth0.
No problem. If you end up needing more assistance can you please share what SDK and version you are using, some code samples, and an example token with sensitive data removed.