Hi, I’m developing an SPA app (React) with a .NET core API backend. I’ve been using Auth0 for authentication successfully for some time. I wanted to deploy the pre-production app so I am following the recommendations here by creating a separate tenant for development (keeping the original tenant for production).
So, I’ve replicated the app and api in the (new) development tenant. In testing the new environment, the authentication part works fine. A user can sign in and Auth0 returns an access token. However, accessing the .net API fails with an invalid token error ( WWW-Authenticate: Bearer error=“invalid_token”, error_description=“The signature key was not found”).
Here’s the relevant portion of the .net code in Startup:
options.Audience = "https://myapp.api.com" ; options.SaveToken = true; });
I’ve kept the audience the same for both the prod env (old) and dev environment (new). To my understanding, the only change on the API side is changing the “Authority” value. I’ve commented out the value that works when using the prod env. And I’ve inspected the JWT and everything looks fine.
Am I missing something?