
Weird issues with Azure and jwt tokens



Hello everyone!

I’m having the weirdest issues with Auth0 and Azure Mobile Services.

Some background:
I have a small app and website running with Azure App Services as the backend. It has run for a number of years, but suddenly, some two to three weeks ago, my website, which is using the same REST API as the app, stopped working. (It is throwing 401 errors when trying to access the Azure service.)

But, the app is still working.
Since my Objective-C skills aren’t that great, I threw together a C# thing that is simply using the Auth0 NuGet like this:

    // Log in against the database connection and keep the returned id_token.
    auth0.LoginAsync("Username-Password-Authentication", txtUser.Text, txtPassword.Password)
         .ContinueWith(t =>
         {
             theToken = t.Result.IdToken;
         });

After some troubleshooting, I’ve seen that calling the Azure REST API, using curl, with the token received from the above call works. But if I am using the token returned by https://[myservce][myclient]&scope=openid&response_type=token&redirect_uri=http://localhost:50630/LoginCallback.ashx, it is not working.

I’ve pasted both tokens into and the working token and non-working token are nearly identical, apart from that the signature of the working token does not verify, but the non-working does. (And the working has two more keys: “ver” and “uid”.)

It looks like Azure is using some other way of verifying the token, and has recently changed it (or Auth0 has changed something on their end).

I’m leaning towards rewriting the web app using server-side authentication as a workaround, but I’d still like to know why this is happening.
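
The comparison described in the post can be done offline. The following is an added example, not part of the original post: it diffs the claims of two JWTs and reports which candidate key each signature verifies under. It assumes HS256 tokens; the keys, claim values and the idea that the two tokens were signed with different keys are constructed for illustration and are not established by the post.

```python
import base64, hashlib, hmac, json

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode(token: str):
    """Return (header, claims) without verifying anything."""
    h, p, _ = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p))

def verifying_keys(token: str, candidates: dict) -> list:
    """Names of the candidate HS256 keys under which the signature verifies."""
    header, _ = decode(token)
    if header.get("alg") != "HS256":   # this sketch only checks HMAC-SHA256
        return []
    signing_input, sig = token.rsplit(".", 1)
    sig = b64url_decode(sig)
    return [name for name, key in candidates.items()
            if hmac.compare_digest(
                hmac.new(key, signing_input.encode(), hashlib.sha256).digest(), sig)]

def claim_diff(a: str, b: str) -> dict:
    """Claims that exist in only one token or differ in value: {claim: (a, b)}."""
    ca, cb = decode(a)[1], decode(b)[1]
    return {k: (ca.get(k), cb.get(k)) for k in sorted(set(ca) | set(cb)) if ca.get(k) != cb.get(k)}

def sign_hs256(claims: dict, key: bytes) -> str:  # used only to build the sample tokens
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

# Constructed sample data: both keys and every claim value are made up.
KEYS = {"client_secret": b"constructed-client-secret", "backend_key": b"constructed-backend-key"}
base = {"iss": "https://tenant.example/", "sub": "auth0|123", "aud": "client-id", "exp": 2000000000}
TOKEN_A = sign_hs256({**base, "ver": 1, "uid": "auth0|123"}, KEYS["backend_key"])
TOKEN_B = sign_hs256(base, KEYS["client_secret"])

if __name__ == "__main__":
    for name, tok in (("A", TOKEN_A), ("B", TOKEN_B)):
        print(name, decode(tok)[0], "verifies under:", verifying_keys(tok, KEYS))
    print("claim differences:", claim_diff(TOKEN_A, TOKEN_B))
```

If a verifier base64url-decodes the shared secret before using it, add the decoded bytes to the candidates as a separate entry so both forms are checked.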