Secure a FastAPI Server with Auth0 - Invalid User

JWT.io
, ,
1

Hi everyone,

I’m setting up a server with FastAPI and I want to secure its endpoints using Auth0.

I’ve followed and implemented this article Build and Secure FastAPI Server with Auth0 and also this video How to Protect an API in FastAPI with Auth0.

Right now, if I want to test the configured API in Auth0 requesting a token with my client id and client secret, I receive the following error back:

{'status': 'error', 'message': 'Invalid issuer'}

I’ve verified the token in jwt.io and looks correct and also verified my domain, api audience, issuer, and algorithms variables and can’t see any issues.

I haven’t found further information to this error and that’s why I’m posting this here. Hopefully someone could help me or if anybody has any ideas, I would appreciate it very much!

Best regards,
Jaime

1 Like
2

Hey Jaime,

it’s been a while since you posted but I just ran into the same issue and found a solution. Maybe this can be of help for people encountering the same:

Take your bearer token, decode it on https://jwt.io/ and check the iss payload value. The issuer parameter that you use to set up your PyJWK client with has to match that value exactly. I was missing a / at the end of the string.

Hope that helps,
Best regards.

3 Likes
3

Thanks for sharing that with the rest of community!

1 Like
4

If you run into issues like this in the future, you can also build a custom full-stack code sample to troubleshoot full-stack issues like this. :muscle:

2 Likes
5

Hi cellador! Thanks for your reply. I’m not able to test your suggestion currently since we went for a custom implementation on our side but for a new project I will definitely try this :smiley:

Thanks for sharing!

1 Like
6

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.