nextjs-auth0: "failed to validate JWT signature"

Description

When the user is returned to my callback url api/auth/callback, I receive the error:

RPError: failed to validate JWT signature

My setup is incredibly basic, so I can’t seem to find anything idiosyncratic in my app that would be causing the issue - although this is my first time working with Auth0, so it could be a simple config issue.

When checking Auth0, I can see the user login/signup is registered; it is just the handleCallback method that fails with the above error.

My callback URL at /api/auth/callback.ts:

import auth0 from "../../../utils/auth0";
import { NextApiRequest, NextApiResponse } from "next";

export default async function callback(
  req: NextApiRequest,
  res: NextApiResponse
) {
  try {
    // Debug output: this dumps the whole request and response objects, including
    // request headers, cookies and the callback query (authorization code and state).
    // Keep it out of production logs.
    console.log(res, req);
    // Exchange the code for tokens, validate the id_token, set the session cookie,
    // then redirect to "/".
    await auth0.handleCallback(req, res, { redirectTo: "/" });
  } catch (error) {
    console.error(error);
    res.status(error.status || 400).end(error.message);
  }
}

My login URL at api/auth/login.ts:

import auth0 from "../../../utils/auth0";
import { NextApiRequest, NextApiResponse } from "next";

export default async function login(req: NextApiRequest, res: NextApiResponse) {
  try {
    await auth0.handleLogin(req, res);
  } catch (error) {
    console.error(error);
    res.status(error.status || 400).end(error.message);
  }
}

My initAuth0:

import { initAuth0 } from "@auth0/nextjs-auth0";

export default initAuth0({
  domain: [removed],
  clientId: [removed],
  clientSecret:
   [removed],
  scope: "openid profile",
  redirectUri: "http://localhost:3000/api/auth/callback",
  postLogoutRedirectUri: "http://localhost:3000/",
  session: {
    // The secret used to encrypt the cookie.
    cookieSecret: [removed - i just added a 32 char random string here],
    // The cookie lifetime (expiration) in seconds. Set to 8 hours by default.
    cookieLifetime: 60 * 60 * 8,
    // Store the id_token in the session. Defaults to false.
    storeIdToken: false,
    // Store the access_token in the session. Defaults to false.
    storeAccessToken: false,
    // Store the refresh_token in the session. Defaults to false.
    storeRefreshToken: false
  },
  oidcClient: {
    // Optionally configure the timeout in milliseconds for HTTP requests to Auth0.
    httpTimeout: 2500,
    // Optionally configure the clock tolerance in milliseconds, if the time on your server is running behind.
    clockTolerance: 10000
  }
});

My setup in auth0

image

About this issue

  • State: closed
  • Created 5 years ago
  • Comments: 17 (2 by maintainers)

Most upvoted comments

@BjoernRave can you create a minimal project or link to repository to check the code?. Because this way I can’t know why is the problem.