Signature verification failed when calling getUser() with auth0-php 5.4.0

We have had a working app for 2 years. We recently upgraded to the PHP SDK 5.4.0 and had to make some changes to our Application settings to get this to work - namely, we set “Token Endpoint Authentication Method” to none whereas it was previously set to “Post”.

Authentication works, and our login flow works from our app - but not from the Auth0 Dashboard when trying to impersonate a user (“Sign In As User” -> App).

So my question is twofold: first, why does the Token Endpoint Auth Method no longer work with Post - it did with version 5.0 - and second, why doesn’t the login work at all when impersonating?

Any hints would be great. I’d post some code, but again, it works (on our end), so I’m not even sure what code would help.

Using Lock 11.10 to login, PHP 7.1 with auth0-php 5.4.0 SDK to handle response.

$auth0->getUser() throws “Signature verification failed”


Downgraded to 5.2.0 and everything works again. Can move Token Endpoint Auth Method to Post and all logins work and retrieve user profiles through getUser() as expected. What has changed in 5.4 that breaks signature verification in this instance?

Hey there!

Sorry for such a huge delay in response! We’re doing our best to provide you with the best developer support experience out there, but sometimes our bandwidth is not enough compared to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?