The Access Token Obtained with nextjs-auth0 v4 Beta Is Different

Help
,
1

I updated Next.js to v15 and also updated nextjs-auth0 to v4 Beta. I noticed that, for the same user, the access token retrieved by nextjs-auth0 v3 is different from the one retrieved by v4 Beta.

Below are the methods used to obtain the access token in the Next.js middleware.

v3

import {getSession} from "@auth0/nextjs-auth0/edge";
export default async function middleware(
  request: NextRequest,
  event: NextFetchEvent,
) {
  const response = NextResponse.next();
  const session = await getSession(request, response);
}

v4

import { auth0 } from "./utils/auth0";
export async function middleware(request: NextRequest) {
  const authResponse = await auth0.middleware(request);
  const accessToken = await auth0.getAccessToken(request, authResponse);
}

When I verify the access token obtained with v4 using the jose library, I get the following error:

JWSInvalid: Invalid Compact JWS

import { createRemoteJWKSet, jwtVerify } from "jose";

const JWKS = createRemoteJWKSet(
  new URL(`https://${env.AUTH0_DOMAIN}/.well-known/jwks.json`),
);

const { payload } = await jwtVerify(jwt, JWKS, {
  issuer: `https://${env.AUTH0_DOMAIN}/`,
  audience: env.AUTH0_AUDIENCE,
});

Do you have any advice or suggestions on how to resolve this issue?

2

When I specified the scope and audience, I started receiving the same access token as I did in v3.

export const auth0 = new Auth0Client({
  authorizationParameters: {
    scope: "openid profile",
    audience: "http://localhost:3000",
  },
});

The issue is resolved, but I still don’t fully understand the reason behind it.