I know what this is saying and there was a GitHub issue about this but it was closed by @ryan.chenkie who pointed to this code sample as the fix.
That code sample uses ‘access_token’ when calling an API. I followed the example exactly but keep getting the above error. I can authenticate, I receive the ‘authResult’ object but clearly ‘access_token’ is invalid as a bearer token. I have gotten my API to work using Lock. I just thought I would try the hosted login (which is enabled) based on the quickstart recommendations. Any ideas? Thanks.
It sounds like you may be getting an opaque access token instead of a JWT access token. To get a JWT access token you must have an API registered in the APIs section and you must use the identifier for it as the audience parameter in your auth0.WebAuth config.
Can you confirm that you have an API registered and that you are using its identifier as the audience parameter in your config?
I have mostly figured it out. I had my settings wrong. I started Auth0 with a slightly different auth flow. You used to have client id and secrets and all that stuff. I remember the email a while back about this changing. Everything is working except my API (.NET Core) is not sending ‘access-control-allow-origin’ headers on the actual GET requests (it is on the OPTIONS call, weird). The bearer token (from ‘access_token’) now looks correct when using jwt.io (https://jwt.io). My other problem is out of the scope of Auth0 so I will accept your answer. Thanks a bunch Ryan!
I had the same error. I solved this error.
Create a new API in Auth0. Give it a unique identifier name. I took “NodeAPI”.
I mention the config code below.

```js
auth0 = new auth0.WebAuth({
  clientID: 'Hg3EhAWKgrPrX5UNGqFQA5vTbVGWF',
  domain: 'xyz.auth0.com',
  responseType: 'token id_token',
  // The identifier of the API created in Auth0
  audience: 'NodeAPI',
  redirectUri: 'http://localhost:4200/callback',
  scope: 'openid'
});
```
Happy to help you
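A quick way to tell the opaque access token from the JWT access token discussed in this thread, as an added example that is not part of the original posts or of Auth0's code. It assumes Node.js (for `Buffer`); the function names and the sample tokens are constructed for illustration, with `NodeAPI` and `xyz.auth0.com` taken from the config above.

```javascript
// Client-side diagnostic only: it does NOT verify the signature. The API must
// still validate signature, issuer, audience and expiry on every request.

function decodeSegment(segment) {
  // base64url -> base64, then parse the decoded bytes as JSON
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const value = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  if (value === null || typeof value !== 'object') throw new Error('not a JSON object');
  return value;
}

function classifyAccessToken(token, expectedAudience) {
  const parts = String(token).split('.');
  if (parts.length !== 3) {
    return { kind: 'opaque', audienceOk: false, reason: 'not three dot-separated segments' };
  }
  let header, payload;
  try {
    header = decodeSegment(parts[0]);
    payload = decodeSegment(parts[1]);
  } catch (e) {
    return { kind: 'opaque', audienceOk: false, reason: 'segments are not base64url JSON' };
  }
  // "aud" may be a single string or an array of strings
  const audience = [].concat(payload.aud === undefined ? [] : payload.aud);
  const audienceOk = audience.includes(expectedAudience);
  return {
    kind: 'jwt', alg: header.alg, audience, audienceOk,
    reason: audienceOk ? 'aud contains the API identifier'
                       : 'aud does not contain the API identifier',
  };
}

// Constructed sample tokens (hypothetical values, placeholder signature).
function makeSampleJwt(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.c2lnbmF0dXJl`;
}
const OPAQUE_SAMPLE = 'k3XmPq9TzLw0aB7c'; // shape returned when no audience is sent
const JWT_SAMPLE = makeSampleJwt({
  iss: 'https://xyz.auth0.com/',
  aud: ['NodeAPI', 'https://xyz.auth0.com/userinfo'],
  scope: 'openid',
});

console.log(classifyAccessToken(OPAQUE_SAMPLE, 'NodeAPI'));
console.log(classifyAccessToken(JWT_SAMPLE, 'NodeAPI'));
```

If the result is `opaque`, or `audienceOk` is false, the `audience` value in the `auth0.WebAuth` config does not match the identifier of the registered API.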