Securing Blazor WebAssembly Apps

Hey @karam94, thank you for joining the Auth0 Community!
The issue you are experiencing seems to depend on using HS256 to sign Auth0’s access token. This answer should explain why.
Let me know if it solves your problem.

1 Like

I’ve followed the blog post How to Secure Blazor WASM Applications with Auth0 in a new blazor WASM core hosted app, and the front-end authorization works fine, however I get the following error when trying to call an API with the “Authorize” attribute applied (with obfuscated data);

www-authenticate: Bearer error="invalid_token", error_description="The audience 'https://**{API ID}**, https://**{MY AUTH0 DOMAIN}**/userinfo' is invalid"

I’ve run the github solution you provide here GitHub - auth0-blog/secure-blazor-wasm-quiz-manager fine and this works without issue, but I can’t find any (relevant) differences in my project to the repo.

When using a token decoder, I can see both projects include the same audiences, so I’m not sure why my project rejects these audiences!

1 Like

Transferring your questions here as this is the thread related to that blog article’s issues.

1 Like

I have less hair now, but I found it after doing a line-by-line comparison.
In server\startup.cs;
app.UseAuthentication();
app.UseAuthorization();
These must be in this order, otherwise you get this error. Maybe obvious to some but had me scratching my head!

2 Likes

Hey @tom.bryant,
Welcome to Auth0 Community and sorry for my late comment.
I’m happy you resolved the issue by yourself. Yes, middleware order matters. See the Microsoft official documentation for more info.

1 Like
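The middleware ordering discussed in the two posts above, shown in context as an added example (not code from the article or its sample repository). It assumes an ASP.NET Core 3.1 server project with the Microsoft.AspNetCore.Authentication.JwtBearer package installed; the configuration keys `Auth0:Authority` and `Auth0:ApiIdentifier` are placeholders for whatever your own appsettings.json defines.

```csharp
// Server/Startup.cs (illustrative sketch, not the sample project's file)
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // Validate incoming bearer tokens against the tenant's signing keys
        // and require the API identifier to appear in the token's audience.
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // Assumed key names; adjust to your configuration.
                options.Authority = Configuration["Auth0:Authority"];
                options.Audience = Configuration["Auth0:ApiIdentifier"];
            });

        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();

        // UseAuthentication reads the bearer token and populates HttpContext.User.
        // UseAuthorization then evaluates [Authorize] against that user.
        // With the two calls swapped, authorization runs before any identity
        // has been established, and protected endpoints reject the request.
        app.UseAuthentication();
        app.UseAuthorization();

        // Both calls must sit between UseRouting and UseEndpoints.
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
        });
    }
}
```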

I keep getting this error when I try to log in. I have followed the How to Secure Blazor WASM Applications with Auth0 and set up my Auth0 application and updated the Auth0 clientId and Audience in the application.


Also, the logs show it’s a successful login. Is there something I’m missing?

1 Like

Hi @softwareengineersazu, welcome to Auth0 Community and thanks for reading my article.

Unfortunately, the error message you are getting tells very little about the possible cause. Please, take a look at your browser’s console to get the actual error. Even better, try to capture and analyze the HTTP requests and responses affected by the error.

Also, please, take a look at the previous comments, since a few readers got your same error. In particular, take a look at the threads started by this message and this one.

Thanks for the reply. I have gone through the browser’s console, and I don’t see any errors in there. I indeed get a 200 for a token POST request and I do get my token in the browser console, but the quiz manager application shows the message “There was an error trying to log you in:‘’'”. I have tried everything that has worked for readers who had the same error, and no luck there.

1 Like

That’s quite strange 🤔
Did you try to run the sample application? Just to understand if it could be a coding issue or a configuration one.

Yes, I have taken the latest code of the sample application and am running it. Is there a way I can help you take a look at my issue and its details in any other way?

1 Like

In this case, I’m quite sure that it is a configuration or environment (firewalls?) issue. But the strange thing is that you are not getting any error on the HTTP messages exchanged.

Can you share the HTTP requests and responses related to the login and the quiz access? Be sure to remove/anonymize any confidential data before sharing.

Thanks for helping me out on this. When you say HTTP messages, do you mean the request in the browser developer tools?

1 Like

Yes. You can take this document as a reference: Generate and Analyze HAR Files

1 Like

I have attached a screenshot of all the network calls. Please take a look, and please let me know if you need any more information. I have checked the HAR file and I don’t see any errors in it, nor in my network calls. Can you please check what I am missing?

1 Like

Hello!
I am trying to follow the tutorial, but I’m stuck at adding the AddOidcAuthentication method in the client app. Here’s a screenshot with the weird error.


I tried cleaning, rebuilding, deleting the dlls, but nothing helps.
Any idea what might cause this?
Thanks!

Edit: Never mind, the WebAssembly.Component.dll should be version 3.*

3 Likes

Hey @softwareengineersazu,
Thank you so much for providing your network calls. There are no particular issues in the requests shown in the screenshot as far as I can see.
However, a couple of HTTP requests are still missing. They should be a couple of requests to the userinfo endpoint right after the request to the token endpoint.
Please, send me also these calls in case they are raising an error.

Glad you have figured it out!

I didn’t see any request to the userinfo endpoint in the HTTP requests! Is that the reason, maybe?

1 Like

Hey @softwareengineersazu, taking a closer look at the network calls, I noticed you are using .NET 5.0

This may be the reason for the issue. The article targets .NET Core 3.1 and has not been tested with .NET 5.0. The sample project is bound to .NET 3.1.
Please, try to target your project to .NET 3.1 and retry to run.

2 Likes