Two days ago, I started playing with the SPA provided in the quick guide.
I added some connections, created new components that I could pass data to, and modified the API to be able to manipulate the data provided by the token.
The problem is that now I’m trying to implement it in my own project. I set up the authprovider, all the necessary configuration and stuff.
I created a new connection with Google using my keys and id.
I use both projects, mine and the one given as example using the same configuration, both added to the dashboard.
Mine loses the token on refresh, but the other one works fine and only asks for a new login after 24h.
The connection works fine on both, returns the token and can be used without problems as long as it is not refreshed.
I can’t find what I’m doing wrong or where the bug is. If both have the same configuration, they should work the same; one should not lose the session while the other does not.
I understand that you’re seeing different session behavior from two apps that sound fairly similar. The first thing I’d check is whether you’re using the same scopes in both. More specifically, are you using the offline_access scope in both?
It should work in the backend, but I get the following error in the library express-oauth2-jwt-bearer:
AssertionError [ERR_ASSERTION]: You must provide a 'tokenSigningAlg' for validating symmetric algorithms at jwtVerifier
Any idea why this is happening? I have tried to put the keys that appear in the profile but I get a different error.
In the API test that is on GitHub, at first it worked, but after installing mongoose and doing an npm install, I also get that error, so I cannot do anything in my code, nor with the example code.
I’m glad to hear you were able to resolve the initial issue!
In terms of token validation, looking at the code you shared I think you might just need to add algorithms: ["RS256"] (or whatever algorithm you’re using) to the object after audience: process.env.AUTH0_AUDIENCE.
Let me know if it still doesn’t work after making that change!
InvalidTokenError: KeyObject or CryptoKey instances for asymmetric algorithms must not be of type "secret".
I searched for info but found nothing, so I also tried with the keys I might have in the dashboard config, although in theory they would not be needed since I use the new login and should already share the public keys, but there was no way to fix that bug.
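Both error messages in this thread come from the same rule: a JWT verifier has to know the signing algorithm in advance, and the key it holds has to be of the type that algorithm uses. The following is an added example, not code from the thread or from express-oauth2-jwt-bearer; `verifyJwt`, `sign` and `outcome` are hypothetical helpers, the keys and tokens are constructed, and only the algorithm and signature are checked (no expiry, issuer or audience).

```javascript
// Added example: keys and tokens below are constructed for the demonstration.
const crypto = require('node:crypto');
// Each signing algorithm is tied to the one KeyObject type it may be used with.
const ALGS = {
  HS256: {
    keyType: 'secret',
    check: (data, sig, key) => {
      const mac = crypto.createHmac('sha256', key).update(data).digest();
      return mac.length === sig.length && crypto.timingSafeEqual(mac, sig);
    },
  },
  RS256: {
    keyType: 'public',
    check: (data, sig, key) => crypto.verify('RSA-SHA256', Buffer.from(data), key, sig),
  },
};

// Hypothetical verifier: the caller pins the algorithm, the token header never chooses it.
function verifyJwt(token, key, tokenSigningAlg) {
  if (!Object.hasOwn(ALGS, tokenSigningAlg)) throw new Error(`unsupported alg: ${tokenSigningAlg}`);
  const alg = ALGS[tokenSigningAlg];
  if (key.type !== alg.keyType) throw new Error(`${tokenSigningAlg} needs a ${alg.keyType} key, got ${key.type}`);
  const [h, p, s, extra] = token.split('.');
  if (!h || !p || !s || extra !== undefined) throw new Error('malformed token');
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== tokenSigningAlg) throw new Error(`token alg ${header.alg} does not match ${tokenSigningAlg}`);
  if (!alg.check(`${h}.${p}`, Buffer.from(s, 'base64url'), key)) throw new Error('bad signature');
  return JSON.parse(Buffer.from(p, 'base64url').toString());
}

// Test helper that issues a token (stands in for the authorization server).
function sign(payload, alg, key) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const data = `${enc({ alg, typ: 'JWT' })}.${enc(payload)}`;
  const sig = alg === 'HS256'
    ? crypto.createHmac('sha256', key).update(data).digest()
    : crypto.sign('RSA-SHA256', Buffer.from(data), key);
  return `${data}.${sig.toString('base64url')}`;
}

// Returns the subject on success, the rejection reason otherwise.
const outcome = (token, key, alg) => {
  try { return verifyJwt(token, key, alg).sub; } catch (e) { return e.message; }
};
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const secret = crypto.createSecretKey(crypto.randomBytes(32));
const rsToken = sign({ sub: 'user-1' }, 'RS256', privateKey);
const hsToken = sign({ sub: 'user-1' }, 'HS256', secret);
console.log(outcome(rsToken, publicKey, 'RS256'), '|', outcome(rsToken, secret, 'RS256'));
```

Pinning the algorithm on the verifier side is also what blocks algorithm-confusion tokens, where an HS256 token is presented to a service that only holds an RSA public key.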