Understanding RS256 Tokens

mhamrah · September 23, 2022, 3:51pm

I’m using the auth0-spa-js library using RS256 signing, and I’m seeing tokens with five parts (four periods). Snippet below. This seems to go against the three-part JWT structure. I’m curious what the deal is here? Can’t find any documentation on how the structure would change for this signing and how to verify.

This is the exact payload that was returned after calling getTokenSilently():

eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiwiaXNzIjoiaHR0cHM6Ly9oYW1yYWguYXV0aDAuY29tLyJ9..8eNPbSQoVv0qKBKA.gv9d1TK5iJVDKgzWDuOBTDrCr39UkcKp4wvj-yZg-mS48kQpvg9mxmo05sCm2V5JKfaTDqKvcnOGp4o97aItDQNJxIfPhw5Id86XXicSljnewJ_bbV5DEG3q4VYkm9dapWyRuQW3Fx3i0KzTIJ0YClK7oaD8E6o8SavIFrNwOw2zhtXVX4a1xpIHJFYdNTmAUJ3Eo6EwHDiaW31BWw8BIKeKRN1FHnqO1IlLCgxi_qA3HM3rvLPJJuqBXaYBPZnMO2m07MlnkqpKHY7O-2GovktfY7UHTpyeBms6hPn8VXF061tmzA.pBt4_0LMVg78B7a9UzdkHg

tyf · September 23, 2022, 11:55pm

Hello there @mhamrah welcome to the community!

It looks like you’re receiving an opaque access token as opposed to a JWT. Are you including a valid audience in your authorize request? The following topics should be of use

system · October 7, 2022, 11:56pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Audience yes, no, why? Help jwt , access-token , opaque-tokens	7	5619	March 27, 2021
Audience value in returned Bearer token JWT is a list Help userinfo , password , access_token , audience , access-token	2	7471	March 2, 2018
Building Secure APIs with Rails 6 and Auth0 Blog Discussions auth0 , rails-api	16	5514	May 31, 2022
Not able to access /userinfo from created API Help access-token-userinf	5	5860	March 2, 2018
getTokenSilently() returns a 32 character string, not JWT Help jwt , auth0 , api	3	5367	December 12, 2019

Understanding RS256 Tokens

Related Topics