Receiving JWE token instead of JWT in Next.js app session

JWT.io
, , , , ,
1

Hi,

We are expecting, a JWT token. We can’t figure out why we are getting a JWE token instead. The only option I can find that would cause this is a plugin that is off. My understanding is JWT should be the default. I am hoping someone could offer some ideas I can look in to.

I am fairly new to this so please let me know if there is any specific information I can share.

  • Using getSession from @auth0/nextjs-auth0.
  • The token has 5 “.”-separated parts, which is why I assume this is a JWE token. Details:
    Decoded Header (part 1):
{
  "alg": "dir",
  "enc": "A256GCM",
  "iss": "https://########.##.auth0.com/"
}
Part 2 length: 0 chars
Part 3 length: 16 chars
Part 4 length: 319 chars
Part 5 length: 22 chars
2

This previous post: Requesting accessToken not returning a valid JWT - #2 by markd …seems to imply the JWE is just an “opaque token” (if this is correct, the docs could help us less experienced folks out by connecting these dots). Adding the env var to my .env.local seems to have gotten me past this issue.

However, other docs say I need this (e.g. Why Access Token Is Not a JWT (Opaque Token) “To receive a JWT, the token request must include an audience parameter.”) but adding it doesn’t seem to do anything new. The env var alone seems to work (to at least get me past this initial issue):

export const GET = handleAuth({
	login: handleLogin({
		authorizationParams: {
			audience: process.env.AUTH0_AUDIENCE,
			scope: 'openid profile email',
		},
        ...