Question

Invalid or malformed JWT using Auth0

  • 6 October 2021
  • 0 replies
  • 100 views

I am in the process of creating some triggers for Zapier based off our existing API which is secured using JWT tokens and Auth0.com authentication. 

I have created my authentication and set it to OAuth2 flow, and entered my client ID, secret, scopes, audience, along with setting the correct endpoints for authorization and access token request URLs.

I then enter the URL of my API and attempt to try it. I then log in using my credentials and the auth flow looks like it succeeds, but the end result is an HTTP 401 access denied from my API. I put some additional logging into the API to log out the Bearer token that is being submitted to it. The Bearer token ends up looking like this: Bearer cPb_iBCYAIti3lZwR7Rl1RusafVV-ReA, which is clearly not a Bearer token as it's not three parts delimited by a period.

In the call to our test API it has the Authorization header being set to the default of Bearer {{bundle.authData.access_token}}, which looks like it should work as the call to the access token endpoint returns a JSON structure with an access_token in it. Looking at the data above, it maybe looks like it's trying to use one of the authorisation codes from one of the other API calls.

Can anyone shed any light on getting this to work with Auth0?
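An added example, not part of the original post: a diagnostic the API side could run on the incoming Authorization header to record the token's shape (opaque string versus three-part JWT, plus the unverified `iss`/`aud` claims) instead of logging the token itself. The function names, the sample issuer and audience, and the filler signature are assumptions constructed for illustration.

```python
import base64
import json

# Token value quoted in the post above, and a constructed JWT-shaped sample
# (made-up issuer/audience, filler signature) for comparison.
POSTED = "Bearer cPb_iBCYAIti3lZwR7Rl1RusafVV-ReA"

def _b64url_json(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

SAMPLE_JWT = "Bearer " + ".".join([
    _b64url_json({"alg": "RS256", "typ": "JWT"}),
    _b64url_json({"iss": "https://tenant.example/", "aud": "https://api.example/"}),
    "c2lnbmF0dXJl",  # filler, not a real signature
])

def _decode_segment(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    padded = segment + "=" * (-len(segment) % 4)
    value = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(value, dict):
        raise ValueError("segment is not a JSON object")
    return value

def describe_bearer(header_value):
    """Summarise an Authorization header for logs without recording the token.

    Nothing here verifies the signature; it is a diagnostic, not validation.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "bearer" or not token:
        return {"kind": "not-bearer"}
    parts = token.split(".")
    if len(parts) != 3:
        # No header.payload.signature structure: an opaque access token.
        return {"kind": "opaque", "length": len(token)}
    try:
        header, claims = _decode_segment(parts[0]), _decode_segment(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return {"kind": "malformed-jwt", "length": len(token)}
    return {"kind": "jwt", "alg": header.get("alg"),
            "iss": claims.get("iss"), "aud": claims.get("aud")}

if __name__ == "__main__":
    for value in (POSTED, SAMPLE_JWT):
        print(describe_bearer(value))
```

Auth0 returns an opaque access token when the authorization request carries no audience, so an "opaque" result points at the parameters sent to the authorize endpoint rather than at the API's JWT validation.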