Post Login Action: Can't get passback JWT validated "The session token is invalid: Missing or invalid standard claims"

hendrik · September 6, 2021, 9:16am

I am having issues to complete my post login flow because I can’t seem to get my passback JWT validated on the /continue action.

There seem to be either a standard claim missing, or wrong. I couldn’t figure out cause I wasn’t able to extract a more detailed error message or debug it in depth with " Real-time Webtask Logs" . It would be at least nice to know what is either missing or what claim is wrong.

https://auth0.com/docs/actions/triggers/post-login/redirect-with-actions#pass-information-back-to-the-action
From the list shown here I ensured that all the fields are there. This is my business logic to build the new token by taking some fields from the sessionToken I received from the action-redirect:

    $tokenPayload= [
            "sub" => $tokenSessionFromAction->sub,
            "iss" => $tokenSessionFromAction->iss,
            "exp" => $tokenSessionFromAction->exp + 1000,
            "state" => $state,
            "optionalField" => "should show up in payload"
        ];

What am I missing here?

rueben.tiow · September 23, 2021, 12:01am

Hi @hendrik,

Welcome to the Auth0 Community.

I understand that you are encountering issues with validating your JWT token.

Having looked closely at your tokenPayload, I noticed that you did not include the audience claim. I recommend including the aud claim in your tokenPayload as part of your token validation.

Note that the format for JWT validation checks includes:

Signature
Issuer claim
Audience claim
Expiration claim
Other claims

You can also find the expected values in a token by checking the discovery endpoint:

https://YOUR_DOMAIN.REGION.auth0.com/.well-known/openid-configuration

Please let me know if that helps.

Thank you.

system · October 15, 2021, 7:42pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.