Understanding RS256 Tokens

Help
1

I’m using the auth0-spa-js library using RS256 signing, and I’m seeing tokens with five parts (four periods). Snippet below. This seems to go against the three-part JWT structure. I’m curious what the deal is here? Can’t find any documentation on how the structure would change for this signing and how to verify.

This is the exact payload that was returned after calling getTokenSilently():

eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiwiaXNzIjoiaHR0cHM6Ly9oYW1yYWguYXV0aDAuY29tLyJ9..8eNPbSQoVv0qKBKA.gv9d1TK5iJVDKgzWDuOBTDrCr39UkcKp4wvj-yZg-mS48kQpvg9mxmo05sCm2V5JKfaTDqKvcnOGp4o97aItDQNJxIfPhw5Id86XXicSljnewJ_bbV5DEG3q4VYkm9dapWyRuQW3Fx3i0KzTIJ0YClK7oaD8E6o8SavIFrNwOw2zhtXVX4a1xpIHJFYdNTmAUJ3Eo6EwHDiaW31BWw8BIKeKRN1FHnqO1IlLCgxi_qA3HM3rvLPJJuqBXaYBPZnMO2m07MlnkqpKHY7O-2GovktfY7UHTpyeBms6hPn8VXF061tmzA.pBt4_0LMVg78B7a9UzdkHg

3

Hello there @mhamrah welcome to the community!

It looks like you’re receiving an opaque access token as opposed to a JWT. Are you including a valid audience in your authorize request? The following topics should be of use :slight_smile:

1 Like
4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.