Auth0 Home Blog Docs

UnauthorizedError: key must be a string or buffer



Getting the error when trying to access the protected server-side api
UnauthorizedError: key must be a string or buffer
I’m doing anything complicated, following the various guides and docs here.

const jwtCheck = jwt({
    secret: jwksRsa.expressJwtSecret({
        cache: true,
        rateLimit: true,
        jwksRequestsPerMinute: 5,
        jwksUri: ""
    audience: 'http://localhost:3001/api/protected/random-quote',
    issuer: "",
    algorithms: 'RS256']
app.use('/api/protected', jwtCheck);
app.get('/api/protected/random-quote', function(req, res) {

testing in node

var request = require("request");
var options = { method: 'GET',
  url: 'http://localhost:3001/api/protected/random-quote',
  headers: { authorization: 'Bearer eyJ0eXAiOiJKV1QiLCJhbGci..} };
request(options, function (error, response, body) {
  if (error) throw new Error(error);

The access code does not have a valid signature when I checked on
I’m totally new, I believe I have set everything up correctly on auth0 admin guis.


On the client side, I’m following

section ‘Retrieving Secret Quotes’, states that the access_token must be passed, but the code snippet shows id_token retrieved from localStorage instead. The access_token I get from auth0 is base64 encoded.
I’m very confused.


So, it look like the issue is that


which returns a callback, which is ultimately fed to the verify method for jwt and fails there.
So I don’t why callback is not executed by this point. Any ideas?