Could not verify token generated by Auth0


I am trying to verify a token created by Auth0, but am unable to do so using this library.

I am using the following token:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJqdGkiOiI0N2RlYWE1Ny00YzFjLTRlYjktOTdjZS1hNDMwMjUzNTE3OTUiLCJlbWFpbCI6ImFudmFyQGthcmltc29uLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJ1c2VyX2lkIjoiYXV0aDB8NTY0Nzg4YjYwNzc2NWMzMjFlMWU3MmM5IiwibmFtZSI6ImFudmFyQGthcmltc29uLmNvbSIsImlzcyI6Imh0dHBzOi8vcXVhbnQtdGVjaG5vbG9naWVzLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1NjQ3ODhiNjA3NzY1YzMyMWUxZTcyYzkiLCJhdWQiOiJqd2lGcHpCcDVTWnd5elR4dm1jY1Y3YmlFTmJkNXBwUyIsImV4cCI6MTQ1MDkzNzYwMSwiaWF0IjoxNDUwODY1NjAxfQ.kiXE6zmFcesCnwwFXiXrCkXK_x4ZZwsJjs0fxcdDPPE

The client secret used is myClientSecret, and I can successfully verify it using the debugger at jwt.io but the following code consistently fails with an invalid signature error message.

var JWT = require("jsonwebtoken");
var token = "..."; // the token quoted above
var secret = 'myClientSecret';
JWT.verify(token, secret, function (err, decoded) {
  console.info(err); // { [JsonWebTokenError: invalid signature] name: 'JsonWebTokenError', message: 'invalid signature' }
  console.info(decoded); // undefined
});


Top GitHub Comments

15 reactions
pscanf commented, Dec 26, 2015

Hey @anvar, looks like an encoding issue:

var JWT = require("jsonwebtoken");
var token = "..."; // the token from the question
// Buffer.from() replaces the deprecated new Buffer() constructor
var secret = Buffer.from("myClientSecret", "base64");
JWT.verify(token, secret, function (err, decoded) {
    console.info(err); // [TokenExpiredError: jwt expired], which means the signature is valid
    console.info(decoded); // undefined
});

Weird that “stringifying” the buffer doesn’t work though:

var JWT = require("jsonwebtoken");
var token = "..."; // the token from the question
// Buffer.from() replaces the deprecated new Buffer() constructor
var secret = Buffer.from("myClientSecret", "base64").toString();
JWT.verify(token, secret, function (err, decoded) {
    console.info(err); // [JsonWebTokenError: invalid signature]
    console.info(decoded); // undefined
});

2 reactions
asromain commented, Jan 29, 2017

@aleixx thanks it works like a charm without base64 encoding 😃
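
The three key candidates tried in this thread, checked side by side. This is an added example, not code from the issue or from the jsonwebtoken project: it uses only Node's built-in crypto, the helper names and the token are constructed, and it assumes the issuer signed with the base64-decoded bytes of the displayed secret.

```javascript
const crypto = require("crypto");

// base64url without padding, as used for JWT segments.
function b64url(buf) {
  return Buffer.from(buf).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// HS256 is HMAC-SHA256 over "<header>.<payload>" using the raw key bytes.
function hs256(signingInput, key) {
  return crypto.createHmac("sha256", key).update(signingInput).digest();
}

function sign(payload, key) {
  const input = b64url(JSON.stringify({ typ: "JWT", alg: "HS256" })) +
    "." + b64url(JSON.stringify(payload));
  return input + "." + b64url(hs256(input, key));
}

// Signature check only (no exp/aud/iss validation); constant-time compare.
function verifySignature(token, key) {
  const parts = token.split(".");
  if (parts.length !== 3) return false;
  const expected = hs256(parts[0] + "." + parts[1], key);
  const actual = Buffer.from(parts[2], "base64"); // also accepts base64url
  return actual.length === expected.length &&
    crypto.timingSafeEqual(actual, expected);
}

const displayed = "myClientSecret";                  // secret string from the question
const keyDecoded = Buffer.from(displayed, "base64"); // raw key bytes
const keyStringified = keyDecoded.toString();        // lossy UTF-8 decode

// Constructed token (assumption: issuer signs with the decoded bytes).
const token = sign({ sub: "constructed-user" }, keyDecoded);

function results() {
  return {
    decoded: verifySignature(token, keyDecoded),         // Buffer key
    asText: verifySignature(token, displayed),           // string used as-is
    stringified: verifySignature(token, keyStringified), // Buffer -> string
    // Bytes that are not valid UTF-8 become U+FFFD, so the key changes.
    roundTripIntact: Buffer.from(keyStringified).equals(keyDecoded),
  };
}

console.log(results());
```

Only the Buffer key verifies; the stringified key fails because decoding arbitrary bytes as UTF-8 is not reversible.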
