Ok everything has been working fine for me for the last year or so but a few weeks ago when trying to authenticate I started getting the following error back from Auth0.
`err = {error: “server_error”, errorDescription: “secret must be a string or buffer”, state: “oRteTe0d_uX8MlaHxxijJdNQkC0ctM4v”}, authResult = undefined
public auth0 = new auth0.WebAuth({
audience: “i",
domain: ".auth0.com”,
clientID: “s1NdHsyp1*****FyaKh”,
responseType: “token id_token”,
scope: “openid profile”,
});
Now if I remove the audience from my AuthOptions then I can authenticate and I don’t get the error, but I don’t have the appropriate access token for calling my API.
I have disabled all my custom rules to make sure it is not one of them that is causing the issue but that has not fixed the issue.
To reiterate this HAS been working for me and recently stopped working without any changes to my set up as far as I’m aware. Please help I’ve been tearing my hair out for ages on this one.
Based on the error message and the fact that the trigger is including the audience (which I assume is a custom API you created in the dashboard) you should review that API configuration. In particular, if that API is set to use HS256 for signing the tokens make sure that a signing secret has been correctly provided.
A definitive way to check that is to use the Management API to get the raw JSON information for that API and check the signing_secret property (Auth0 Management API v2).
I think you are onto it. I am using HS256 and when I copy the signing secret to the clipboard it is empty. Is there a way to change the signing secret I can’t see a way as it is greyed out?