/userinfo call failing with proper aud in token

We have developed a system to log in using Auth0 via a SPA. The initial authorization seems to work fine. We receive an access_token back in the URL. This access token shows our proper userinfo endpoint with domain in the aud list. However, when we try to hit the userinfo endpoint we receive 401. The token is still valid. We’ve dropped it into Postman to try to limit external factors and the call to userinfo still fails with 401. How can I go about getting more information to determine what the cause is?

Hey there @todd.orr welcome to the community!

Interesting - Do you also have your own API as an audience? Is that API configured to use HS256 by chance?

If you’d like to share a decoded (redacted) token here so I can take a quick look that could be helpful. Alternatively, feel free to DM me.
