Unable to verify token in API (seems like a JWE and not a JWT)

I’m developing an application and integrating with Auth0. In our test Auth0 env everything worked fine. We managed to authenticate using React and call our APIs and validate/decode the JWT. Then when we migrated to the company Auth0 they sent in some configurations (domain, audience, client secret) and we stopped being able to decode the token. Maybe the token is a JWE and not a JWT token.

example token: eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiwiaXNzIjoiaHR0cHM6Ly9nbG9iYWxpZHBkdGEucmFuZHN0YWRzZXJ2aWNlcy5jb20vIn0..EigIjN1nwvdUnlhd.Fh-Qq4WjOFSvWPEaWqcDHJL6wkh0Q_O_N98XZbTwFPJxgGC98I-xVQqMjanbl_-rnzr08rDxmtAdtNJ9nBYQRHSJjJsPKrIKvHCfP6fbzYiqFv7A7eIrryfYSe8EQgXWWGWodx3i8SVmkrfG28lJ4Z-zG171tFAh1Vp5tVwyB5qvSYwPiUQGPpzM1XG1kKYjjjeVMRd1fvp21JSxQoEl3gd3ma7oiux0s_CjEhH7guL1WFaFmKNCq_ZJ86awIkyY_SwGSz_3EPbeZ3JjrdqNLQCJzublPx9HQwwuLAH8I9hl9An4pf5m-i-M1htybw7rWFQV44ykqJZaBM9kJJO_cSWtdnoERU3fTUFA.HrWZ3PD7QyK04e5dG9rgRw

First we were using jsonwebtoken with decode and verify, but with the new configurations it started to fail (jwt.decode would return null).

Then we tried to use node-jose to decrypt the token using the client secret the team provided, and we started getting an error “decryption failed” at “const decryptor = await jose.JWE.createDecrypt(keystore);”

The team that manages the Auth0 tenant just sent me some configuration with no documentation, mainly:

domain (a custom domain)
clientId
audience
client secret

and a link to a json file for OIDC config: custom url… /.well-known/openid-configuration

I’m completely stuck, if anyone can please help.

Hi @pedro.figueiredo

Welcome to the Auth0 Community!

Thank you for posting your question, and I apologize for the late reply. The most common reason you receive an opaque token (which looks like a JWE) instead of a JWT is a missing or wrong audience in your /authorize call to Auth0.

You can read about the difference here → Auth0 Support Center

The easiest way to fix this issue is to include the audience from the API settings in the Auth0 Dashboard.

Thanks!
Dawid
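
A diagnostic for the API side, added here as an example and not part of the original thread: it classifies a bearer token by its compact-serialization shape before any JWT verifier sees it. The example token in the question has five dot-separated segments with an empty second one, and its header decodes to alg "dir", enc "A256GCM", which is the shape that makes jwt.decode return null. The function names and sample tokens below are constructed for illustration.

```javascript
// Added example: tell a signed JWT (JWS) from an encrypted token (JWE) or an
// opaque string before verification. Function names are hypothetical.

function b64urlEncode(text) {
  return Buffer.from(text, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function decodeHeader(segment) {
  // Node's base64 decoder also accepts the URL-safe alphabet.
  try {
    const header = JSON.parse(Buffer.from(segment, 'base64').toString('utf8'));
    return header && typeof header === 'object' ? header : null;
  } catch (err) {
    return null; // first segment is not base64url-encoded JSON
  }
}

function classifyToken(token) {
  const parts = String(token).split('.');
  const header = decodeHeader(parts[0]);
  if (!header || typeof header.alg !== 'string') {
    return { kind: 'opaque', reason: 'no JOSE header' };
  }
  if (parts.length === 5 && typeof header.enc === 'string') {
    // JWE compact form: header.encryptedKey.iv.ciphertext.tag
    // With alg "dir" the encrypted-key segment is empty, hence the "..".
    return { kind: 'jwe', alg: header.alg, enc: header.enc,
             directKey: header.alg === 'dir' && parts[1] === '' };
  }
  if (parts.length === 3) {
    // JWS compact form: header.payload.signature
    return { kind: 'jws', alg: header.alg };
  }
  return { kind: 'opaque', reason: 'unexpected segment count' };
}

// Constructed samples (not real tokens).
const sampleJwe = [b64urlEncode('{"alg":"dir","enc":"A256GCM"}'),
                   '', 'aXY', 'Y2lwaGVydGV4dA', 'dGFn'].join('.');
const sampleJws = [b64urlEncode('{"alg":"RS256","typ":"JWT"}'),
                   b64urlEncode('{"aud":"https://api.example.test"}'),
                   'c2ln'].join('.');

console.log(classifyToken(sampleJwe));
console.log(classifyToken(sampleJws));
```

An API that expects a signed JWT can log the `kind` and reject anything other than `jws` with a clear error, which points the investigation at the token request rather than at the verification code.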