Unable to decode access_token given on login

import Auth0Provider from "next-auth/providers/auth0";

const nextAuthConfig = {
  providers: [
      clientId: process.env.AUTH0_CLIENT_ID,
      clientSecret: process.env.AUTH0_CLIENT_SECRET,
      issuer: process.env.AUTH0_ISSUER_BASE_URL,
      idToken: true,
      profile(profile) {
        return {
          id: profile.sub,
          name: profile.nickname,
          email: profile.email,
          image: profile.picture,
          roles: profile["https://website.com/roles"],
  callbacks: {
    async jwt({ token, user, account, trigger }) {
      if (user) {
        token.user = {
          roles: user.roles,
      // Persist the OAuth access_token to the token right after signin
      if (account) {
        token.accessToken = account.access_token;
      if (trigger === "update") {
        // update token in user
      return token;

    async session({ session, token }) {
      // add user info to session.user
      session.user.roles = token.user.roles;
      session.user.id = token.sub;

      // add access token to session
      // todo: check if needed on client side
      session.accessToken = token.accessToken;
      return session;
  pages: {
    signIn: "/api/auth/signin",
    signOut: "/api/auth/signout",

export default nextAuthConfig;

this is my config on next-auth, i’m able to login and use the session, but unable to decode the access_token received for some reason. Tried decoding on jwt.io and it says that the payload is not a valid JSON object.

Any help would be appreciated!

Hi @davidplane,

I would try passing in the audience parameter in your login request.

This should generate a valid JWT access token.

Could you give it a try and let me know how it goes?


I have followed this comment to add a default audience parameter, but the access token given is still results in an invalid JSON object on jwt.io for some reason.