Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

UnauthorizedError: jwt audience invalid. expected: undefined

See original GitHub issue

Sorry, probably a PICNIC but I’ve converted https://github.com/connor11528/vuejs-auth-frontend to VueJS2 and it’s wired up to an instance of this server; LogIn/SignUp/LogOut are all working and the server’s creating, memorizing & returning an id_token back fine as long as the server instance is up. However when I call the protected random-quote I get a 401 response and the server logs

UnauthorizedError: jwt audience invalid. expected: undefined

…in the console.

getQuote() {
	    let token = auth.getAuthHeader();
		console.log(token)
        this.$http.get('http://localhost:3001/api/protected/random-quote', { headers: {
		Authorization: token
		}})
		  .then((data) => {
            this.quote = data;
          })
          .catch((err) => console.log(err))
      }

If I remove the authorization header the server logs the following in the console:

UnauthorizedError: No Authorization header was found

I’m certain I’m passing in the Authorization header in the “Bearer {jwt}” format correctly. What else am I missing?

Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImsiLCJpZCI6MiwiaWF0IjoxNDkzOTQyMjQ5LCJleHAiOjE0OTM5NjAyNDl9.RVrM7JL7D0ClQ-zOJijdJxZnUQHXVZKFO8wBvN469C8
xhr.js?14ed:177 GET http://localhost:3001/api/protected/random-quote 401 (Unauthorized)
dispatchXhrRequest @ xhr.js?14ed:177
xhrAdapter @ xhr.js?14ed:12
dispatchRequest @ dispatchRequest.js?91bc:52
xhr.js?14ed:177 XHR finished loading: GET "http://localhost:3001/api/protected/random-quote".
dispatchXhrRequest @ xhr.js?14ed:177
xhrAdapter @ xhr.js?14ed:12
dispatchRequest @ dispatchRequest.js?91bc:52
SecretQuote.vue?325d:31 Error: Request failed with status code 401
    at createError (eval at <anonymous> (app.js:782), <anonymous>:15:15)
    at settle (eval at <anonymous> (app.js:890), <anonymous>:18:12)
    at XMLHttpRequest.handleLoad (eval at <anonymous> (app.js:761), <anonymous>:77:7)

Issue Analytics

State:
Created 6 years ago
Reactions:1
Comments:12 (4 by maintainers)

Top GitHub Comments

52reactions

unicodevelopercommented, Jun 2, 2017

Hello @Mazzzy please try this:

// Validate access_token
var jwtCheck = jwt({
  secret: config.secret,
  aud: config.audience,
  issuer: config.issuer
});

Change audience to aud in the jwtCheck function as seen in the above piece of code. That should work!

16reactions

unicodevelopercommented, Jun 2, 2017

@Mazzzy and @9swampy. This repo returns two tokens, an id_token and an access_token. The access_token should be the token sent as an Authorization Header.

Also, did you specify the audience in the backend when you cloned this repo?

Top Results From Across the Web

UnauthorizedError: jwt audience invalid - Auth0 Community

Hi, I am trying to run a test in Postman to try out one of my protected end points with this implementation: const...

node.js - UnauthorizedError: jwt audience invalid. expected

You have created API scopes but I don't see any API resources in your code. Please add an API resource with the name...

Resolve Microsoft Graph authorization errors

401 Unauthorized error: Is your token valid? ... in the HTTP authenticate request header or that the token is invalid or has expired....

JSON Web Token Tutorial using AngularJS & Laravel - Toptal

aud: The audience of the token; exp: JWT expiration time defined in Unix time; nbf: “Not before” time that identifies the time before...

Troubleshooting JWT validation - Google Cloud

If the "aud" (audience) claim in a JWT token matches the Endpoints service name, then Cloud Endpoints Frameworks validates the audience and ignores...