Hi,
I am trying to validate existing user passwords using node-auth0 authentication client’s password grant.
submitting incorrect password gives the appropiate invalid username/password error. I am having issues when submitting correct user/pass it gives invalid signature error.
currently using:
node v16
auth0 v2.42.0
node-auth0
While trying to use authenticationclient’s password grant via node-auth0:
const authClient: AuthenticationClient = new AuthenticationClient({
domain: Env.DOMAIN,
clientId: Env.BACKEND_CLIENT_ID,
clientSecret: Env.CLIENT_SECRET,
});
const data = {
grant_type: "password",
username: user.name,
password: password,
scope: "openid offline_access",
realm: "Username-Password-Authentication",
};
await authClient.passwordGrant(data);
The result I am getting when sending the correct user/pass is
JsonWebTokenError: invalid signature
at /backend/node_modules/jsonwebtoken/verify.js:133:19
at getKey (/backend/node_modules/auth0/src/auth/OAUthWithIDTokenValidation.js:61:16)
In my auth0 logs I can see two successful exchanges: “Client Credentials for Access Token” and “Password for Access Token” which both succeed prior to the invalid signature error.
What is the correct way to be using passwordgrant to validate the existing password?