I am displaying some data on my website which is returned from a Node server. It worked perfectly until today. Now I am getting the error below on my server console when I go to my web page. I use Auth0
for signing in users.
```
UnauthorizedError: invalid algorithm
    at C:\workspace\New\MyApp\node_modules\express-jwt\lib\index.js:100:22
    at C:\workspace\New\MyApp\node_modules\express-jwt\node_modules\jsonwebtoken\index.js:155:18
    at nextTickCallbackWith0Args (node.js:420:9)
    at process._tickCallback (node.js:349:13)
```
What could be the issue?
HS256 is less secure because it is symmetric (the same secret is shared between the client and server). See this question: RS256 vs HS256: What's the difference?
You can maintain RS256 by using the node-jwks-rsa module to retrieve the signing key:
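```javascript
import express from 'express'
import jwt from 'express-jwt'
import jwksRsa from 'jwks-rsa'

const app = express()

// Fetch the RS256 signing key from the tenant's JWKS endpoint (cached and rate limited)
const secret = jwksRsa.expressJwtSecret({
  cache: true,
  rateLimit: true,
  jwksRequestsPerMinute: 5,
  jwksUri: 'https://<YOUR_AUTH0_DOMAIN>/.well-known/jwks.json',
})

// Accept only RS256 tokens issued by this tenant for this audience
const jwtCheck = jwt({
  secret: secret,
  audience: '<YOUR_AUTH0_AUDIENCE_OR_CLIENT_ID>',
  issuer: 'https://<YOUR_AUTH0_DOMAIN>/',
  algorithms: ['RS256'],
})

app.use(jwtCheck)
```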
I had the same problem. I use Auth0 for signing in users. You have to check the algorithm type.
If you're using Auth0 then go to
Client -> Settings -> Advanced Settings -> OAuth
and check the algorithm type. It has to be HS256.
If you're not using Auth0 then check the algorithm type also.
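The check behind the `invalid algorithm` error in the question, and the `algorithms` setting both answers adjust, shown as an added example that is not code from the original posts: a simplified verifier built on Node's `crypto` module (a stand-in for the JWT library, not its source) that rejects any token whose `alg` header is outside the allow-list before it looks at the signature. The function names, the key pair, the shared secret and the tokens are all constructed for the illustration.

```javascript
const crypto = require('crypto');
const b64url = (data) => Buffer.from(data).toString('base64url');

// Issue a constructed sample token (stands in for the identity provider).
function sign(alg, payload, key) {
  const input = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  const sig = alg === 'HS256'
    ? crypto.createHmac('sha256', key).update(input).digest()
    : crypto.sign('sha256', Buffer.from(input), key); // RS256: RSA PKCS#1 v1.5 + SHA-256
  return `${input}.${b64url(sig)}`;
}

// Verify a token, accepting only the algorithms the caller lists.
function verify(token, key, algorithms) {
  const [h, p, s] = token.split('.');
  if (!h || !p || !s) throw new Error('jwt malformed');
  const { alg } = JSON.parse(Buffer.from(h, 'base64url').toString());
  // The allow-list check runs before any signature check.
  if (!algorithms.includes(alg)) throw new Error('invalid algorithm');
  const input = Buffer.from(`${h}.${p}`);
  const sig = Buffer.from(s, 'base64url');
  let ok = false;
  if (alg === 'HS256') {
    const expected = crypto.createHmac('sha256', key).update(input).digest();
    ok = sig.length === expected.length && crypto.timingSafeEqual(sig, expected);
  } else if (alg === 'RS256') {
    ok = crypto.verify('sha256', input, key, sig);
  }
  if (!ok) throw new Error('invalid signature');
  return JSON.parse(Buffer.from(p, 'base64url').toString());
}

function outcome(token, key, algorithms) {
  try { verify(token, key, algorithms); return 'ok'; } catch (e) { return e.message; }
}

// Constructed keys and tokens, generated locally for the demonstration.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SECRET = 'constructed-shared-secret';
const rsToken = sign('RS256', { sub: 'constructed-user' }, privateKey);
const hsToken = sign('HS256', { sub: 'constructed-user' }, SECRET);
function demo() {
  return {
    rs256TokenHs256Only: outcome(rsToken, SECRET, ['HS256']),
    rs256TokenRs256Only: outcome(rsToken, publicKey, ['RS256']),
    hs256TokenHs256Only: outcome(hsToken, SECRET, ['HS256']),
    hs256WrongSecret: outcome(hsToken, 'other-secret', ['HS256']),
  };
}
console.log(demo());
```

The first case is the situation in the question: an RS256-signed token presented to a verifier that only accepts HS256. The last case shows that a wrong key produces a different error, so `invalid algorithm` points at the algorithm setting rather than the secret.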