2
votes

I am trying to get an Auth0 token which allows me to create/update users on Auth0 through my backend service for user management.

I followed the instructions at https://auth0.com/docs/api/management/v2/tokens (Auth0 Management API -> API Explorer -> Copy Token) to generate the token. However, the token doesn't work for me. I get a 401 status response with the body below:

{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid signature received for JSON Web Token validation",
  "attributes": {
    "error": "Invalid signature received for JSON Web Token validation"
  }
}

I added all scopes just to be safe. I tried both the Ruby auth0 client and the UI for testing tokens at https://auth0.com/docs/api/management/v2.

I did not find a solution yet on the Auth0 forum, so I am asking here. Many thanks.

2 Answers

0
votes

I found the issue and managed to fix it.

It was the expiry in the token, which I had set to a very large value. The generated token, however, had null as the value for the expiry. This was breaking the authentication.

I then set the token expiry far into the future (300 years) and it worked for me.

0
votes

Rather than setting a large expiration, consider using the Client Credentials grant flow and re-requesting a new token when the existing one expires. This is a much safer option, as your token would expire, say, 24 hours after it was leaked in the event of a security breach.

Here is example code showing how to achieve this, together with a simple test for that code.

If you have any questions, please feel free to leave comments below.
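
The approach suggested in the answer above, sketched as an added example (not code from the original post or from Auth0): a cache that obtains a Management API token through the Client Credentials grant and requests a new one shortly before it expires, refusing a response whose expiry is missing or null. The class name `ManagementTokenCache`, the 60-second margin and the injectable `fetcher`/`clock` are assumptions made for illustration.

```ruby
require 'json'
require 'net/http'
require 'uri'

# Caches a Management API token obtained with the Client Credentials grant
# and requests a new one shortly before the cached one expires.
class ManagementTokenCache
  SKEW = 60 # seconds of safety margin before the reported expiry (assumed value)

  # fetcher and clock are injectable (hypothetical hooks) so this runs offline.
  def initialize(domain:, client_id:, client_secret:, fetcher: nil, clock: -> { Time.now.to_i })
    @domain, @client_id, @client_secret = domain, client_id, client_secret
    @fetcher = fetcher || method(:post_token_request)
    @clock = clock
    @token = nil
    @expires_at = 0
  end

  def token
    refresh! if @token.nil? || @clock.call >= @expires_at - SKEW
    @token
  end

  private

  def refresh!
    body = @fetcher.call(
      'grant_type' => 'client_credentials',
      'client_id' => @client_id,
      'client_secret' => @client_secret,
      'audience' => "https://#{@domain}/api/v2/"
    )
    # Fail loudly on a missing or null expiry instead of caching the token forever.
    ttl = Integer(body.fetch('expires_in'))
    raise ArgumentError, 'non-positive expires_in' unless ttl.positive?
    @token = body.fetch('access_token')
    @expires_at = @clock.call + ttl
  end

  def post_token_request(params)
    res = Net::HTTP.post(URI("https://#{@domain}/oauth/token"), JSON.generate(params),
                         'Content-Type' => 'application/json')
    raise "token request failed: HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)
    JSON.parse(res.body)
  end
end
```

Keeping the client secret in the backend's secret store and the token lifetime short means a leaked token stops working on its own, which is the point the answer makes.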