
Auth0 authorizer rejects JWT token from service - "jwt issuer invalid. expected: https://myservice.auth0.com"

I'm walking through the tutorials for setting up auth0 as an API gateway authorizer for AWS listed here: https://auth0.com/docs/integrations/aws-api-gateway/custom-authorizers

I am using the recommended authorizer from here: https://github.com/auth0-samples/jwt-rsa-aws-custom-authorizer

The only modification has been to the config files.

However, when testing the authorizer function, I get the following error:

{"name":"JsonWebTokenError","message":"jwt issuer invalid. expected: https://MYSERVICE.auth0.com"}

Where MYSERVICE is the auth0 api I have set up. This is confusing, because I've gotten the jwt token through this method:

curl --request POST \
--url https://MYSERVICE.auth0.com/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"MY_ID","client_secret":"MY_SECRET","audience":"TestApi","grant_type":"client_credentials"}'

The resulting token can be loaded into the debugger tool at https://jwt.io/, and it reports the iss field as https://MYSERVICE.auth0.com

Is there a misconfiguration that might cause this issue?

Dan Monego Avatar asked Mar 21 '18 15:03



1 Answer

Went through the entire tutorial after reading your question, and this worked for me (had already done this recently).

Unclear, but from the error message reported in your question, it looks like the expected issuer does not have a trailing / on the end.

However, mine definitely DID have that. Here is a screenshot from JWT.IO of a token that is working.

You can simply send that to the API (using Postman), appending it as an Authorization Bearer {{token}} header. Using the tutorial's API (AWS petshop), I receive the output:

[
    {
        "id": 1,
        "type": "dog",
        "price": 249.99
    },
    {
        "id": 2,
        "type": "cat",
        "price": 124.99
    },
    {
        "id": 3,
        "type": "fish",
        "price": 0.99
    }
]

It would be helpful to see your JWT token iss and aud (audience) values.

arcseldon Avatar answered Sep 21 '22 16:09
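
An added example, not part of the question, the answer, or the Auth0 sample: a small Node.js diagnostic that decodes a token's iss and aud claims and compares them to the configured values by exact string equality, which is how the jsonwebtoken library checks a string issuer, so a trailing-slash difference is reported explicitly. The function names, parameter names and the sample token are constructed for illustration.

```javascript
// Added diagnostic sketch: decodes claims WITHOUT verifying the signature,
// so use it only to debug configuration, never to authorize a request.

function b64urlJson(segment) {
  // base64url -> base64, then parse the JSON it carries
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function decodeClaims(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (expected 3 segments)');
  return b64urlJson(parts[1]);
}

// Compare claims to configured values the way a strict verifier does:
// exact string equality, no URL normalisation.
function diagnose(token, expectedIssuer, expectedAudience) {
  const { iss, aud } = decodeClaims(token);
  const findings = [];
  if (iss !== expectedIssuer) {
    const strip = (s) => String(s).replace(/\/+$/, '');
    findings.push(strip(iss) === strip(expectedIssuer)
      ? `issuer differs only by trailing slash: token "${iss}" vs config "${expectedIssuer}"`
      : `issuer mismatch: token "${iss}" vs config "${expectedIssuer}"`);
  }
  const audiences = Array.isArray(aud) ? aud : [aud]; // aud may be a string or an array
  if (!audiences.includes(expectedAudience)) {
    findings.push(`audience mismatch: token ${JSON.stringify(aud)} vs config "${expectedAudience}"`);
  }
  return findings;
}

// Constructed sample token with a placeholder signature segment.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.c2ln`;
}

const sample = makeSampleToken({ iss: 'https://MYSERVICE.auth0.com/', aud: 'TestApi' });
console.log(diagnose(sample, 'https://MYSERVICE.auth0.com', 'TestApi'));  // one finding
console.log(diagnose(sample, 'https://MYSERVICE.auth0.com/', 'TestApi')); // no findings
```

An empty result means both configured values match the token character for character; the signature still has to be verified by the authorizer itself.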
