I have an sms passwordless connection which has gateway authentication set up with a subject, audience and secret (not base64 encoded). I am using a custom SMS gateway (rather than Twilio), and have an AWS Lambda that pushes the verifies the JWT in the header and pushes the OTP to a user’s phone. The secret is stored in AWS Secret Manager, and the Lambda GETs the secret from AWS to verify the token. I am using terraform to manage both the Auth0 and AWS resources.
I’ve been trying to change the secret set in the passwordless connection, but have not been able to do this successfully. The JWT verification fails, and returns an invalid signature
error despite the secrets being updated to the same value in both places.
I’ve narrowed down the issue to two possibilities:
- The Lambda is unable to access the new secret - I think this is less likely as the Lambda was previously able to get the secret from AWS Secret Manager.
- It’s not possible to rotate the secret for the SMS passwordless connection (or at least it’s not possible the way I’m trying to do it).
There’s actually nothing in the docs around sms connection secret rotation, so is it even possible. If it is, how?