
Spring MVC Example throwing com.auth0.IdentityVerificationException "The 'sub' claim contained in the token was null"

I’ve been using Auth0 for a while with SPAs but I’m trying a Java Spring Boot MVC example with Thymeleaf (server side). I’m using this example from your GitHub repo -

The setup looks pretty straightforward but when I attempt a login from the hosted page I get the following after the code exchange -

com.auth0.IdentityVerificationException: An error occurred while trying to verify the user identity: The 'sub' claim contained in the token was null.
at com.auth0.RequestProcessor.process(RequestProcessor.java:140)
at com.auth0.AuthenticationController.handle(AuthenticationController.java:148)
at com.auth0.example.mvc.CallbackController.handle(CallbackController.java:47)
at com.auth0.example.mvc.CallbackController.getCallback(CallbackController.java:37)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)

I see this same issue has been reported before but not resolved. Can you tell me why the com.auth0.RequestProcessor doesn’t fetch the userId from the access token? The UserInfo returned from the userInfo API, which is called by the client during exchange, doesn’t contain the sub key.

Any help would be appreciated. I can’t move forward without resolving this and I’ve hit a dead end.

Many thanks

John

Solved it.

I had a rule which was altering the userMetaData for user info which was being returned from the user db for all clients. I turned the rule off and the sub claim is automatically added into the user info. The rule should really have an if statement in there to check the client id and only do that custom manipulation of the user info for that specific client id.
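
The client ID check suggested in the post above, sketched as an Auth0 rule (an added example, not the poster's rule or Auth0's code). The client ID placeholders, the metadata fields and the shape of the unguarded rule are assumptions made for illustration; the harness at the end only exists so the rule can be run locally.

```javascript
// Added example, not the poster's rule. Auth0 Rules run as
// function (user, context, callback); context.clientID identifies the
// application that started the login.

// Hypothetical placeholder: the one application that needs the custom profile.
const TARGET_CLIENT_ID = 'LEGACY_APP_CLIENT_ID_PLACEHOLDER';

// Assumed shape of a rule that affects every client: it swaps the whole
// profile for a reshaped object on each login, so user_id is lost.
function unguardedRule(user, context, callback) {
  const reshaped = { name: user.name, user_metadata: { tier: 'legacy' } };
  callback(null, reshaped, context);
}

// Guarded form: the profile is untouched for every other client, and for the
// target client only user_metadata changes; identifying fields are left alone.
function guardedRule(user, context, callback) {
  if (context.clientID !== TARGET_CLIENT_ID) {
    return callback(null, user, context);
  }
  user.user_metadata = Object.assign({}, user.user_metadata, { tier: 'legacy' });
  callback(null, user, context);
}

// Local harness with constructed sample data, to run a rule outside Auth0.
function runRule(rule, clientID) {
  const user = {
    user_id: 'auth0|constructed-sample',
    name: 'John',
    user_metadata: { plan: 'free' }
  };
  let result;
  rule(user, { clientID }, (err, outUser) => { result = outUser; });
  return result;
}

// Compare what a different application (placeholder ID) receives from each rule.
const otherApp = 'SPRING_MVC_APP_CLIENT_ID_PLACEHOLDER';
console.log('unguarded:', runRule(unguardedRule, otherApp));
console.log('guarded:  ', runRule(guardedRule, otherApp));
console.log('target:   ', runRule(guardedRule, TARGET_CLIENT_ID));
```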

Glad you figured it out! And thanks a lot for sharing it with the rest of community!
