Why is my access token an invalid format?

This is the token I receive back from auth0, but it has 3 periods in it and two of them are right next to each other. When I put it in https://jwt.io/ I get a message saying it’s not a valid JSON object, and when I try to decode it in my program I get Error: Base64 Invalid Length.

Am I doing something wrong?

eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiwiaXNzIjoiaHR0cHM6Ly9kZXYtMTBjYWFhZDFpZWh0NGtxMS51cy5hdXRoMC5jb20vIn0..A4D4qZTbCZ7CEBaP.u5Td3lG4VlQ_SVJhd5Gl7mmQAr_tsoL_-hHqlFqk_g-SxKATUI9rv6Y29HuzdI9xMvk6G5DvyvQsIVL9OlkT4d1kFkliLXdBFhT7QJE6CiA6w5Z_g1tdxHBHnU3XfbFUB_2Mjl8QOPJaEFn9h6rS4qd0bQnzxvnxDykxKEI_6oFYZ1LaZ4Hqc5bT85au0vhDXBpHhc9x5vc1VNuCdH_kwpRoYzriPcjETc97Ns5X_JIgp7i98BBuO-Gm99-mNExMWz3t8kNXG2TKJ3t8hMN7MSYx0U96SICBxdyz97ZdQXmYBua8MlQ7k8EHC6VrPZuqjvJtQM9LWJb0c1CNyJF3agmr.yCLYhA8jcgagRCVeGGeZHA

Hey there @bryso !

It looks like this is an opaque token as opposed to a JWT. Adding an audience param to however you are initiating an authorize request should resolve the issue.
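A token with five dot-separated segments and a `..` run, like the one posted above, has the shape of an encrypted (JWE) compact serialization, not the three-segment signed JWT a resource server can verify. The check below is an added example, not code from the thread or from Auth0; the function names and sample tokens are constructed for illustration.

```javascript
// Added example: classify a bearer token by its compact serialization
// before handing it to a JWT verifier.
// Segment counts follow RFC 7515 (JWS: 3 parts) and RFC 7516 (JWE: 5 parts).

function decodeSegment(segment) {
  // base64url -> JSON object, or null if it does not decode to a JSON object
  try {
    const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    const obj = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return obj !== null && typeof obj === 'object' && !Array.isArray(obj) ? obj : null;
  } catch (err) {
    return null;
  }
}

function classifyToken(token) {
  const parts = String(token).trim().split('.');
  const header = parts[0] ? decodeSegment(parts[0]) : null;

  if (parts.length === 3 && header && typeof header.alg === 'string') {
    // header.payload.signature: a signed JWT the resource server can verify
    return { kind: 'jws', header, verifiableLocally: true };
  }
  if (parts.length === 5 && header && typeof header.enc === 'string') {
    // header.encryptedKey.iv.ciphertext.tag: the payload is encrypted.
    // With alg "dir" the encrypted-key segment is empty, hence the ".." run.
    return { kind: 'jwe', header, emptyKeySegment: parts[1] === '', verifiableLocally: false };
  }
  return { kind: 'opaque', header: null, verifiableLocally: false };
}

// Constructed sample tokens (not real credentials).
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sampleJwe = `${b64url({ alg: 'dir', enc: 'A256GCM' })}..aXYtYnl0ZXM.Y2lwaGVydGV4dA.dGFn`;
const sampleJws = `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url({ aud: 'https://api.example.test' })}.c2ln`;

console.log(classifyToken(sampleJwe).kind, classifyToken(sampleJws).kind, classifyToken('abc123').kind);
```

A resource server can run this check first and reject anything that is not `jws` with a clear error instead of a Base64 length failure from the decoder.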

Thanks for the clarity on the opaque vs access token, but this is the result of getSession().accessToken from the package @auth0/nextjs-auth0 after a user logs into my app, so I would assume it’s giving me an access token. How would I add an audience param in this scenario?

For more information on what I’m trying to do, I’m taking this Opaque token and passing it to my resource server to fetch more app specific data to show the user. I was intending to use this token to validate the user is who they say they are to my resource server, but when I attempt to validate it throws an error because it’s not a valid access token.

Thanks for clarifying! You are going about this correctly in attempting to validate a user’s access token, but I still believe you are using an opaque token (which will work against the userinfo endpoint).

You can add the audience param to authorizationParams in handleLogin:

I see, thanks! Crystal clear.


No problem, happy to help 🙂
