Why is my access token an invalid format?

This is the token I receive back from auth0, but it has 3 periods in it and two of them are right next to each other. When I put it in https://jwt.io/ I get a message saying it’s not a valid JSON object, and when I try to decode it in my program I get Error: Base64 Invalid Length.

Am I doing something wrong?

eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiwiaXNzIjoiaHR0cHM6Ly9kZXYtMTBjYWFhZDFpZWh0NGtxMS51cy5hdXRoMC5jb20vIn0..A4D4qZTbCZ7CEBaP.u5Td3lG4VlQ_SVJhd5Gl7mmQAr_tsoL_-hHqlFqk_g-SxKATUI9rv6Y29HuzdI9xMvk6G5DvyvQsIVL9OlkT4d1kFkliLXdBFhT7QJE6CiA6w5Z_g1tdxHBHnU3XfbFUB_2Mjl8QOPJaEFn9h6rS4qd0bQnzxvnxDykxKEI_6oFYZ1LaZ4Hqc5bT85au0vhDXBpHhc9x5vc1VNuCdH_kwpRoYzriPcjETc97Ns5X_JIgp7i98BBuO-Gm99-mNExMWz3t8kNXG2TKJ3t8hMN7MSYx0U96SICBxdyz97ZdQXmYBua8MlQ7k8EHC6VrPZuqjvJtQM9LWJb0c1CNyJF3agmr.yCLYhA8jcgagRCVeGGeZHA

Hey there @bryso !

It looks like this is an opaque token as opposed to a JWT - Adding an audience param to however you are initiating an authorize request should resolve the issue.

Thanks for the clarityon the opaque vs access token, but this is the result of getSession().accessToken from the package @auth0/nextjs-auth0 after a user logs into my app, so I would assume it’s giving me an access token. How would I add an audience param in this scenario?

For more information on what I’m trying to do, I’m taking this Opaque token and passing it to my resource server to fetch more app specific data to show the user. I was intending to use this token to validate the user is who they say they are to my resource server, but when I attempt to validate it throws an error because it’s not a valid access token.

Thanks for clarifying! You are going about this correctly in attempting to validate a user’s access token, but I still believe you are using an opaque token (which will work against the userinfo endpoint).

You can add the audience param to authorizationParams in handleLogin:

I see, thanks! Crystal clear.

1 Like

No problem, happy to help :slight_smile:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.