Post Login Action: Can't get passback JWT validated "The session token is invalid: Missing or invalid standard claims"

I am having issues completing my post-login flow because I can’t seem to get my passback JWT validated on the /continue action.

There seems to be a standard claim that is either missing or wrong. I couldn’t figure out which, because I wasn’t able to extract a more detailed error message or debug it in depth with "Real-time Webtask Logs". It would at least be nice to know what is missing or which claim is wrong.

From the list shown here I ensured that all the fields are there. This is my business logic to build the new token, taking some fields from the sessionToken I received from the action redirect:

    // Claims copied from the session token received from the Action redirect
    $tokenPayload = [
        "sub"           => $tokenSessionFromAction->sub,
        "iss"           => $tokenSessionFromAction->iss,
        "exp"           => $tokenSessionFromAction->exp + 1000,
        "state"         => $state,
        "optionalField" => "should show up in payload"
    ];

What am I missing here?

Hi @hendrik,

Welcome to the Auth0 Community.

I understand that you are encountering issues with validating your JWT token.

Having looked closely at your tokenPayload, I noticed that you did not include the audience claim. I recommend including the aud claim in your tokenPayload as part of your token validation.

Note that the format for JWT validation checks includes:

  • Signature
  • Issuer claim
  • Audience claim
  • Expiration claim
  • Other claims

You can also find the expected values in a token by checking the discovery endpoint:

https://YOUR_DOMAIN.REGION.auth0.com/.well-known/openid-configuration

Please let me know if that helps.

Thank you.
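Added example, not code from the thread or from Auth0: it builds the passback JWT with every claim the reply lists (sub, iss, aud, exp, state) and pre-checks the payload locally so a missing or wrong claim is reported by name rather than as the generic "Missing or invalid standard claims". The HS256 shared secret, the user id, the state value and the tenant issuer/audience are constructed placeholders; replace them with the values your Action's token validation is configured to accept.

```php
<?php
// Added example (not code from the thread): build the passback JWT with every claim the
// answer lists, and pre-check the payload so a missing or wrong claim is named explicitly
// instead of Auth0's generic "Missing or invalid standard claims". Assumes HS256 with a
// shared secret; the expected iss/aud values are placeholders for your tenant's values.

function base64url(string $data): string {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

// Returns a list of problems found in the claims; an empty array means they look valid.
function checkStandardClaims(array $p, string $expectedIss, string $expectedAud, int $now): array {
    $problems = [];
    foreach (['sub', 'iss', 'aud', 'exp', 'state'] as $claim) {
        if (!isset($p[$claim]) || $p[$claim] === '') {
            $problems[] = "$claim: missing";
        }
    }
    if (isset($p['iss']) && $p['iss'] !== $expectedIss) {
        $problems[] = "iss: got '{$p['iss']}', expected '$expectedIss'";
    }
    if (isset($p['aud']) && $p['aud'] !== $expectedAud) {
        $problems[] = "aud: got '{$p['aud']}', expected '$expectedAud'";
    }
    if (isset($p['exp']) && (!is_int($p['exp']) || $p['exp'] <= $now)) {
        $problems[] = 'exp: must be an integer Unix timestamp in the future';
    }
    return $problems;
}

function signHs256(array $payload, string $secret): string {
    $header = base64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body   = base64url(json_encode($payload));
    $sig    = base64url(hash_hmac('sha256', "$header.$body", $secret, true));
    return "$header.$body.$sig";
}

// Constructed sample input standing in for the session token and state from the redirect.
$tenant = 'https://YOUR_DOMAIN.REGION.auth0.com/';  // placeholder: issuer from your discovery document
$now = time();
$payload = [
    'sub'   => 'auth0|constructed-user-id',
    'iss'   => $tenant,
    'aud'   => $tenant,
    'exp'   => $now + 300,                 // short lifetime, in seconds
    'state' => 'constructed-state-value',  // the state query parameter you were redirected with
];
$problems = checkStandardClaims($payload, $tenant, $tenant, $now);
if ($problems) { fwrite(STDERR, implode(PHP_EOL, $problems) . PHP_EOL); exit(1); }
echo signHs256($payload, 'REPLACE_WITH_YOUR_SHARED_SECRET'), PHP_EOL;
```

Run the check against the exact array you send to /continue: removing a claim or changing `exp` to a past time makes the script name the offending claim, which is the detail the Auth0 error message leaves out.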

