Understanding RS256 Tokens

mhamrah · September 23, 2022, 3:51pm

I’m using the auth0-spa-js library using RS256 signing, and I’m seeing tokens with five parts (four periods). Snippet below. This seems to go against the three-part JWT structure. I’m curious what the deal is here? Can’t find any documentation on how the structure would change for this signing and how to verify.

This is the exact payload that was returned after calling getTokenSilently():

eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiwiaXNzIjoiaHR0cHM6Ly9oYW1yYWguYXV0aDAuY29tLyJ9..8eNPbSQoVv0qKBKA.gv9d1TK5iJVDKgzWDuOBTDrCr39UkcKp4wvj-yZg-mS48kQpvg9mxmo05sCm2V5JKfaTDqKvcnOGp4o97aItDQNJxIfPhw5Id86XXicSljnewJ_bbV5DEG3q4VYkm9dapWyRuQW3Fx3i0KzTIJ0YClK7oaD8E6o8SavIFrNwOw2zhtXVX4a1xpIHJFYdNTmAUJ3Eo6EwHDiaW31BWw8BIKeKRN1FHnqO1IlLCgxi_qA3HM3rvLPJJuqBXaYBPZnMO2m07MlnkqpKHY7O-2GovktfY7UHTpyeBms6hPn8VXF061tmzA.pBt4_0LMVg78B7a9UzdkHg

ty.frith · September 23, 2022, 11:55pm

Hello there @mhamrah welcome to the community!

It looks like you’re receiving an opaque access token as opposed to a JWT. Are you including a valid audience in your authorize request? The following topics should be of use

https://community.auth0.com/t/what-is-the-audience/71414

https://community.auth0.com/t/why-is-my-access-token-not-a-jwt-opaque-token/31028

system · October 7, 2022, 11:56pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
JWT verifier exception: com.auth0.jwt.exceptions.JWTDecodeException: The token was expected to have 3 parts, but got 5 JWT.io	2	5985	January 19, 2023
ReactJS sdk is giving me a A256GCM encoded JWT Get Help classic-universal-login-experience , login-experience	4	76	March 4, 2025
Why is my access token an invalid format? Get Help apis , application	6	4936	January 13, 2024
Auth0 token not RS256 Get Help auth0 , login	2	3179	December 21, 2022
Why my token has 2 dots (..) in it? JWT.io	4	4586	May 23, 2023

Understanding RS256 Tokens

Related topics