SPA client (Angular) gets either Authorized or JWT requires 3 parts

Hi There,
I have a simple scenario (well I think so). An angular client authenticates via Auth0 and then uses the resulting token to authenticate against our own REST API.

However, when using Angular 4 project I continue to get Unauthorised (using “@auth0/angular-jwt”: “^1.0.0-beta.4”) - this is the case regardless of whether I am connecting to my own HAPI server or the express server (built from the example).

To rule out I build out the example Angular App (Angular 2) and used the (“angular2-jwt”: “^0.2.3”,) and instead of unauthorised I get

Error: JWT must have 3 parts

The Auth service factory is setup, and the auth service is authenticating and setting the token values in the browser

  private setSession(authResult): void {
    // Set the time that the access token will expire at
    const expiresAt = JSON.stringify((authResult.expiresIn * 1000) + new Date().getTime());
    const scopes = authResult.scope || this.requestedScopes || '';
    localStorage.setItem('access_token', authResult.accessToken);
    localStorage.setItem('id_token', authResult.idToken);
    localStorage.setItem('expires_at', expiresAt);
    localStorage.setItem('scopes', JSON.stringify(scopes));

The only other thing I have hear is to change the id_token to just simply token, but again this has no effect.

I am out of next steps and would like to clear this hurdle so that I can get back to building out the application.

Thanks in advance


Sounds like your access token isn’t a JWT. You can paste it into to verify, but JWTs have 3 or 4 parts separated by “.” characters.

using the JWT debugger it will give me an invalid signature simply because I dont have the public / private key - but it can still read it.