I’m running into an issue and having trouble getting to the bottom of it:
After a successful login with a Google user, my PHP implementation (using the official Auth0 library) is failing with the following error message:
Auth0\SDK\Exception\InvalidTokenException::unexpectedSigningAlgorithm(RS256, HS256)
Our code is configured to use RS256, as is visible from the error stack trace:
Auth0\SDK\Token\Parser->verify(RS256, ***…, ***…, 60, NULL)
And the API/audience is also configured to use RS256.
Auth0 Logs show successful login for the Google user and successful Authorization Code for Access Token.
When Auth0 redirects to my callback URL, it throws the above-mentioned exception.
The confusing part, though, is that I have two APIs/Clients, one for prod and one for dev. Both are configured exactly the same. Dev works, but Prod throws this exception.
Is it possible something is erroneous on Auth0's end, or am I missing something in my configuration? Did anyone run into a similar issue?