UnauthorizedError: key must be a string or buffer

#1

Getting the error when trying to access the protected server-side API:
UnauthorizedError: key must be a string or buffer
I’m doing anything complicated, following the various guides and docs here.


const jwtCheck = jwt({
    secret: jwksRsa.expressJwtSecret({
        cache: true,
        rateLimit: true,
        jwksRequestsPerMinute: 5,
        jwksUri: "https://jam78.eu.auth0.com/.well-known/jwks.json"
    }),
    audience: 'http://localhost:3001/api/protected/random-quote',
    issuer: "https://jam78.eu.auth0.com/",
    algorithms: ['RS256']
});
app.use('/api/protected', jwtCheck);
app.get('/api/protected/random-quote', function(req, res) {
  res.status(200).send(quoter.getRandomOne());
});

Testing in Node:


var request = require("request");
var options = { method: 'GET',
  url: 'http://localhost:3001/api/protected/random-quote',
  headers: { authorization: 'Bearer eyJ0eXAiOiJKV1QiLCJhbGci..' } };
request(options, function (error, response, body) {
  if (error) throw new Error(error);
  console.log(body);
});

The access code does not have a valid signature when I checked on jwt.io
I’m totally new; I believe I have set everything up correctly in the Auth0 admin GUIs.
Regards


#2

On the client side, I’m following
https://auth0.com/blog/jwt-authentication-with-observables/

The section ‘Retrieving Secret Quotes’ states that the access_token must be passed, but the code snippet shows the id_token retrieved from localStorage instead. The access_token I get from Auth0 is base64 encoded.
I’m very confused.


#3

So, it looks like the issue is that


jwksRsa.expressJwtSecret 

returns a callback, which is ultimately fed to the verify method for jwt and fails there.
So I don’t know why the callback is not executed by this point. Any ideas?
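
Added example (not part of the original posts and not Auth0's code): a decode-only check that compares a bearer token's header and claims with the `jwtCheck` settings from post #1, to tell a token of the wrong kind (the access_token/id_token question in post #2) apart from a key-retrieval problem. The sample tokens, the `kid` value and the helper names are constructed for illustration.

```javascript
// Added diagnostic example; not code from the thread. It only DECODES a token.
// Decoding proves nothing about authenticity; signature checks stay in the middleware.
const EXPECTED = { // values copied from the jwtCheck options in post #1
  alg: 'RS256',
  iss: 'https://jam78.eu.auth0.com/',
  aud: 'http://localhost:3001/api/protected/random-quote',
};

// base64url segment -> JSON object (throws if it is not a JSON object)
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  const obj = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  if (obj === null || typeof obj !== 'object') throw new Error('not an object');
  return obj;
}

// Returns a list of reasons the token cannot pass the configured check.
function inspectToken(token, expected = EXPECTED) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return ['not a three-part JWT (possibly an opaque token)'];
  let header, payload;
  try {
    header = decodeSegment(parts[0]);
    payload = decodeSegment(parts[1]);
  } catch (e) {
    return ['header or payload is not base64url-encoded JSON'];
  }
  const problems = [];
  if (header.alg !== expected.alg) problems.push(`alg is ${header.alg}, expected ${expected.alg}`);
  if (!header.kid) problems.push('no kid in header, so no JWKS key can be selected');
  if (payload.iss !== expected.iss) problems.push(`iss is ${payload.iss}`);
  const aud = [].concat(payload.aud || []);
  if (!aud.includes(expected.aud)) problems.push(`aud is ${JSON.stringify(payload.aud)}`);
  return problems;
}

// Constructed sample tokens; the signature segment is a placeholder.
const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const makeToken = (h, p) => `${enc(h)}.${enc(p)}.c2ln`;
const goodToken = makeToken({ typ: 'JWT', alg: 'RS256', kid: 'constructed-kid' },
  { iss: EXPECTED.iss, aud: EXPECTED.aud });
const hsToken = makeToken({ typ: 'JWT', alg: 'HS256' },
  { iss: EXPECTED.iss, aud: 'constructed-client-id' });

console.log(inspectToken(goodToken));          // no findings
console.log(inspectToken(hsToken));            // alg, kid and aud findings
console.log(inspectToken('b3BhcXVlLXRva2Vu')); // not a JWT
```

An empty result only means the token is shaped the way the middleware expects; the signature is still verified only by the middleware against the JWKS key.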


#4