My auth0 app is broken

Auth0 has quite good intentions. I have a personal SPA app (Vue.js, Go) secured using Auth0.
However, I left it running on its own for a year or so, and now I want to add features to it.

It appears that all Go SDKs / features are broken because of Go 1.16 forcing modules and breaking changes in JWT / jose route protection management.

I spent a looooot of time (way too much, given that Auth0 should help me abstract a lot of the security implementation) figuring out how to fix it, without success. There is a lot of documentation, none of it is up to date with the actual code, and everything looks broken and in a terrible mess.

So

I wanted to fall back on Python using FastAPI. This is quite a new framework and I expected things to be going better. No way, same here: documentation exists and is quite extensive, but nothing works out of the box between the documentation and the actual released SDKs. I wonder if this is related to the fact that Auth0 suggests using third-party libraries to handle stuff like JWT, but I again spent waaaaaay too much time understanding what really happens under the hood by hacking my API calls.

In the end, and in order to help somehow, I wanted to say (and maybe I just understood nothing of the actual documentation) that I solved my issue by setting, in my env secrets,
API_AUDIENCE to the clientId value from the frontend auth_config.json file,
so API_AUDIENCE looks like a token “d78X7gPJxxxxxx”.
Just by adapting this from the file documentation on the backend side, I could finally make it work.
Indeed, the Python JWT code compares the API_AUDIENCE value to the payload value “audience_claims”, which does not contain the audience in the previous form, which for me was (and is still working in production on the previous version of the app, with the now-broken Golang code) “https://utopland.net”.

Another point is the frontend, which I had to update. Indeed, the previous
“const token = await Vue.prototype.$auth.getTokenSilently()”
that also still works on my production app with the previous SDK version does produce an “invalid token” response from protected API routes, for both the Python and Go private route mechanisms described in your documentation.
I finally had to use the following code (and there is nothing clear about this in the documentation, and the look and feel of the code, which seems to use special variables, makes me think this is also not good) to get a token which the private protected endpoints (Go and Python) accept to parse (and which was then blocked on the audience issue described above). The hacky code is the following:
“const token = (await Vue.prototype.$auth.getIdTokenClaims()).__raw”

In conclusion, every up-to-date SDK I used from Auth0 seems broken / incompatible / not in sync with the online documentation. Everything looks terribly messy to me now, and I am losing confidence in using your product. I will try to make my app work like this for now because this is absolutely not critical, but I am not sure I would use this in my daily job.
I really hope things will get better, or at the very least that your documentation will be updated with more accurate / up-to-date / valid information.

I repeat that, for me, one of the killer features of using a product like Auth0 SHOULD / MUST be to have some extremely intuitive / easy way to integrate an authentication mechanism into any new / legacy app. This seems not to be the case now. I also think I am quite motivated to have gone so far, and many newcomers might be really lost and give up much sooner than me when trying to use all of this.
The other fundamental reason I want to use a product like Auth0 is to abstract away from my apps, as much as possible, the management of security concerns, which are hard problems. Everything else is mostly a bonus to me (also because I am a single user and have very few needs).

I understand my message can look negative, but I really want you to understand my frustration using Auth0 these days, which is the opposite of what I expect from this product.

Previous message deleted due to SPAM reasons
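
The audience comparison described in the post, as an added Python example that is not the poster's code or an Auth0 SDK: it reads a token's `aud` claim without verifying anything, to show what a backend check against API_AUDIENCE would see. The function names and sample tokens are constructed, the two identifiers are the values quoted in the post, and it relies on the OpenID Connect rule that an ID token's `aud` is the client ID.

```python
import base64
import json

API_AUDIENCE = "https://utopland.net"   # API identifier quoted in the post
CLIENT_ID = "d78X7gPJxxxxxx"            # redacted clientId quoted in the post


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_jwt(claims: dict) -> str:
    """Constructed sample token; the signature part is a dummy value."""
    header = {"alg": "RS256", "typ": "JWT"}
    parts = (json.dumps(header).encode(), json.dumps(claims).encode(), b"dummy-signature")
    return ".".join(_b64url(p) for p in parts)


def unverified_claims(token: str):
    """Payload claims for inspection only, or None if this is not a JWT."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    return claims if isinstance(claims, dict) else None


def diagnose(token: str, api_audience: str = API_AUDIENCE, client_id: str = CLIENT_ID) -> str:
    """Say which audience the backend's check would see for this token."""
    claims = unverified_claims(token)
    if claims is None:
        return "opaque-or-malformed"      # nothing for a JWT validator to parse
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if api_audience in audiences:
        return "access-token-for-api"     # matches the configured API_AUDIENCE
    if client_id in audiences:
        return "id-token-for-client"      # issued to the SPA, not to the API
    return "audience-mismatch"


# Constructed samples (issuer and subject are placeholders).
ACCESS_TOKEN = make_sample_jwt({"iss": "https://tenant.example/", "sub": "user|1",
                                "aud": [API_AUDIENCE, "https://tenant.example/userinfo"]})
ID_TOKEN = make_sample_jwt({"iss": "https://tenant.example/", "sub": "user|1", "aud": CLIENT_ID})
OPAQUE_TOKEN = "constructed-opaque-value-without-dots"
```

This only explains a rejection; signature, issuer and expiry verification are still required before any claim is trusted.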