Signature verification failed in jwt.decode()

Help
,
1

Hi, below is my code written in python -

def verify_token(token: str = Header(None)) -> TokenData:
    if token is None:
        raise HTTPException(status_code=401, detail="Token is missing")
    try:
        logger.info(f'AUTH0_DOMAIN: {os.getenv("AUTH0_DOMAIN")}')
        logger.info(f'AUTH0_ALGORITHMS: {os.getenv("AUTH0_ALGORITHMS")}')
        logger.info(f'AUTH0_AUDIENCE: {os.getenv("AUTH0_AUDIENCE")}')
        jwks_client = jwt.PyJWKClient(f'https://{os.getenv("AUTH0_DOMAIN")}/.well-known/jwks.json')
        signing_key = jwks_client.get_signing_key_from_jwt(token).key
        logger.info(f'signing key: {signing_key}')
        payload = jwt.decode(token, signing_key, algorithms=[ALGORITHM], audience=AUDIENCE)
        logger.info(f'payload: {payload}')
        sub = payload.get("https://io.net/user").get("io_id")
        logger.info(f'sub: {sub}')
        if sub is None:
            raise HTTPException(status_code=401, detail=str(payload))
        return TokenData(userid=sub)
    except Exception as err:
        logger.error(f'TOKEN_FAILED: something went wrong {err}')
        raise HTTPException(status_code=401, detail=str(err))

and below are my ENV Variables -

AUTH0_DOMAIN=test-users-migration.us.auth0.com
AUTH0_AUDIENCE=https://test-users-migration.us.auth0.com/api/v2/
AUTH0_ALGORITHMS=RS256

I don’t understand, sometimes it works sometime it fails

2

Hi @roshan.pandey

Welcome to the Auth0 Community!

Thank you for posting your question. Are you able to fetch the error code or error details?

In terms of your code snippet, I would personally change the way you fetch variables from .env

    try:
        auth0_domain = os.getenv("AUTH0_DOMAIN")
        auth0_algorithms = os.getenv("AUTH0_ALGORITHMS")
        auth0_audience = os.getenv("AUTH0_AUDIENCE")
        ...

Thanks
Dawid