Using Private Key JWT method with NextJS

marvinjudehk · December 11, 2023, 9:45am

I am currently using the “Private key JWT” Auth method and I’m running into this error when the callback is hit:

] CallbackHandlerError: Callback handler failed. CAUSE: access_denied (Unauthorized)
[0]     at eval (webpack-internal:///(rsc)/./node_modules/@auth0/nextjs-auth0/dist/handlers/callback.js:62:19)
[0]     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
[0]     at async eval (webpack-internal:///(rsc)/./node_modules/@auth0/nextjs-auth0/dist/handlers/auth.js:60:24)
[0]     at async /Users/judeagboola/Downloads/sample-01/node_modules/next/dist/compiled/next-server/app-route.runtime.dev.js:1:66877 {
[0]   code: 'ERR_CALLBACK_HANDLER_FAILURE',
[0]   cause: IdentityProviderError: access_denied (Unauthorized)

I’m using this auth method because the software I want to authenticate users into has some authentication system that I can’t change. It needs a JWT that was signed using a private key that both the software and auth0 know about.

I am using the Nextjs sample while using the following environment variables

AUTH0_SECRET='A long secret value used to encrypt the session cookie. You can generate a suitable string'
AUTH0_BASE_URL='App base URL'
AUTH0_ISSUER_BASE_URL='The URL of your Auth0 tenant domain'
AUTH0_CLIENT_ID='Client ID'
AUTH0_CLIENT_SECRET='Your Auth0 application's Client ID.'

Do I need to pass the public key from my generated pair into an ENV?
Is there any special setup I need to do to get this working?

dan.woda · December 19, 2023, 6:14pm

Hi @marvinjudehk,

Welcome to the Auth0 Community!

Are you seeing anything in the error description? Or your Auth0 Dashboard logs?

jli · August 1, 2024, 12:56am

Hi Dan, I am wondering how can I build login page in my React application (literally with my react components) besides using Auth0.js V9? I have read a lot of doc with vary teches/sdk which are all calling loginWithRedirect function. I know that Universal Login page is recommended as security reason. But all the stack holder or boss would like to see their logo rather than Auth0 logo in their application. Yes, we can customise Universal Login page with our theme but that feature is not really handy and powerful for business users. I also tried Classic Login page, I managed to fully custom it. But how about Passwordless login page? It is rendered by Auth0 lock.show() function so that I can not customise it. Please help me out for this Password less login page followed by OTP code verification page. Thanks a lot!!!