Use encodeToken to generate a token signed with RS256

tomas4 · August 5, 2022, 6:29am

Hi, I am trying to use api.redirect.encodeToken inside an action to encode my token and then send it via sendUserTo. I want to use RS256.

Here is a sample of the code

  const token = api.redirect.encodeToken({
    secret: event.secrets.SECRET_KEY,
    expiresInSeconds: 120,
    payload: {
      // Custom claims to be added to the token
      email: event.user.email,
    },
  });

For the SECRET KEY I am using a RS256 key that I am using in other parts of my app. It works fine anywhere else (validating it with jose).

The problem is, when I decode the token that is generated by the action, its always HS256

Checking the OAuth settings of my app settings I can see its set to RS256 ( and the access token and id_token are both signed with RS256).

I guess the question is, what am I doing wrong or is there any way to sign with RS256 the tokens generated by actions?

I can always import jose and create my own token manually but would love to avoid it

thameera · August 5, 2022, 7:32am

Hey @tomas4, the encodeToken function signs the token with an HS256 signature. It does not support RS256. The secret you pass to it is just a secret key/passphrase, and not an RS256 key. The same secret should be used in the application to validate the token.

If you’d like the token to be signed with RS256, you’ll need to import an npm module like jsonwebtoken and use its methods.

Topic		Replies	Views
Actions - How to sign JWT with RS256? Help jwt , rsa256 , encoding	3	3016	December 22, 2022
Can not verify JWT signed by Auth0 (`api.redirect.encodeToken`) Help extensibility , actions-extensibility	6	1740	June 9, 2023
Create JWT using RS256 with jwt.sign JWT.io jwt , rs256	8	8894	March 2, 2018
Getting RS256 token instead of HS256 Help jwt	7	5422	June 25, 2022
RSA256 to generate signature token Help javascript , rs256 , sha256	2	7028	March 2, 2018

Use encodeToken to generate a token signed with RS256

Related topics