Verify 32 character access token from Lock in my API?

wade.wojcak · May 8, 2018, 4:09am

I am currently allowing a user to log in with Lock on the front end. After the user authenticates, I receive the 32 character access token from authResult.accessToken. I want to take this token and send it to an API endpoint where it can be verified before responding back to the front end with whatever data.

What is the easiest way to verify that this access token is valid? Is there simply an auth0 endpoint I can send it to for verification? I know I can try to verify a JWT with the jsonwebtoken NPM library, but the token I get back from the Lock authentication appears to just be a 32 character token and now a JWT?

andres.aguiar · May 8, 2018, 5:41am

Hi!

What audience are you specifying when configuring Lock?

If you use no audience, or specify ‘/userinfo’, you will get an opaque token valid to call the ‘/userinfo’ endpoint (https://auth0.com/docs/tokens/access-token#access-token-format). If you want a token for your API, you need to specify the audience for the API. In that case, you will get a JWT token you can then verify with jsonwebtoken in your NodeJS app.

Topic		Replies	Views
Authorize user from Lock of SPA with API Help lock , api , spa , authorization	3	3656	March 2, 2018
Authorizaton returning short access token Help access_token	2	4089	March 2, 2018
Lock verify user is logged in & JWT token Help lock-10 , get-user-info-using-	2	6184	March 2, 2018
Access token vs id token Help jwt , authentication , access-token , python , fastapi	1	3156	February 11, 2021
Need help in jwt verification Help jwt , verification	4	5309	September 3, 2019

Verify 32 character access token from Lock in my API?

Related Topics