JWT must have 3 parts

[Steven-Harris]

I am getting the following error and I am not quite sure how to debug/fix it. Thoughts?

Error: JWT must have 3 parts
    at JwtHelper.decodeToken (angular2-jwt.js:236) [angular]
    at JwtHelper.getTokenExpirationDate (angular2-jwt.js:246) [angular]
    at JwtHelper.isTokenExpired (angular2-jwt.js:255) [angular]
    at tokenNotExpired (angular2-jwt.js:274) [angular]
    at AuthHttp.requestWithToken (angular2-jwt.js:107) [angular]
    at DeferSubscriber.factory (angular2-jwt.js:146) [angular]
    at DeferSubscriber._callFactory (DeferObservable.js:92) [angular]
    at DeferSubscriber.tryDefer (DeferObservable.js:85) [angular]
    at new DeferSubscriber (DeferObservable.js:81) [angular]
    at DeferObservable._subscribe (DeferObservable.js:71) [angular]
    at DeferObservable.Observable._trySubscribe (Observable.js:57) [angular]
    at DeferObservable.Observable.subscribe (Observable.js:45) [angular]
    at MapOperator.call (map.js:54) [angular]
    at Observable.subscribe (Observable.js:42) [angular]

[chenkie]

it sounds like you probably have an opaque access token in local storage instead of a JWT. Can you check what you have for your access_token?

Which sample are you trying? Have you configured your audience to use your API identifier?

[Steven-Harris]

Hey @chenkie thanks for your help, I have verified that the audience is correct and my api that has the same audience is working.
I am unfamiliar with checking the access_token. What should I do to check it?

Thanks,

[chenkie]

You can check for the token in local storage in dev tools, assuming you're storing it there as is done in the sample :) Basically we want to check whether the access token is a short string or whether it is a JWT which will be much longer.

[Steven-Harris]

Ok, I looked at my access_token in localstorage and you suspected right. The access token is a short string about 14 characters

[Steven-Harris]

What do I need to do to set the access_token with the JWT one?

I am using the same pattern as example 1

 localStorage.setItem('access_token', authResult.accessToken);
 localStorage.setItem('id_token', authResult.idToken);

[chenkie]

those are the correct lines. The access_token you get back will either be a 14 char string like that, or a JWT. It's a JWT if you have a valid audience set as your API identifier.

What do you have set as your audience?

[Steven-Harris]

I have the following in my auth0.WebAuth object
audience: 'https://api.stevenharrisdev.com',
and this matches what I have on my api and the auth0 dashboard

[chenkie]

Hmm you should be getting a JWT then. Maybe try creating another test API in Auth0 and see if anything changes. Otherwise we'll probably need to route you to support and get you to send in a HAR file.

[Steven-Harris]

Is there any way I can get a jwt token as my access_token or is there a reason I am not? I have a jwt for my id_token but not my access_token.

[chenkie]

The id_token will always be a JWT. The access_token should be as well if you have your audience set to your API identifier. Did you try with a different (new) API? Also, just for good measure, try going to the OAuth settings for your client and make sure that the OIDC Conformant switch is flipped to on.

[Steven-Harris]

oh ok,
Yeah I tried with a new api and it didn't do anything different. Let me check the OIDC Conformant. - This is configured in Auth0 settings page right?

[Steven-Harris]

Ok "OIDC Conformant", was not turned on but I need to figure out how to fix my call back after I login. It is redirecting to my oauth domain and not my localhost for some reason.

[chenkie]

What do you have set as your callback?

I should have asked earlier, but are you using Auth0Lock or auth0.js for your project?

[Steven-Harris]

Auth0-js. I have my local host set as my call back. But for some reason it redirects me to an error page at stevenharrisdev.auth0.com/login/callback

…

On Fri, May 26, 2017 at 9:59 PM Ryan Chenkie ***@***.***> wrote: What do you have set as your callback? I should have asked earlier, but are you using Auth0Lock or auth0.js for your project? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#32 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AHXNMpj2ajVKqDyhrK7uIeSUq8JA6o73ks5r95GFgaJpZM4Nl92k> .

[Steven-Harris]

Also I am running angular 4

[chenkie]

Ah ok--do you have your callback route set as an Allowed Callback URL in your client settings?

[Steven-Harris]

Yep. I have double checked that all possible routes in the callback. I have to turn oidc back to off for it to work

…

On Sun, May 28, 2017 at 6:51 PM Ryan Chenkie ***@***.***> wrote: Ah ok--do you have your callback route set as an Allowed Callback URL in your client settings? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#32 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AHXNMsB9sPXKGTblopObAMSY5n0cp_8gks5r-ghlgaJpZM4Nl92k> .

[chenkie]

Ok, but you're getting a JWT access token now?

[Steven-Harris]

With the oidc off its back to where it was before. With oidc on it is not giving me any tokens

…

On Mon, May 29, 2017 at 9:07 AM Ryan Chenkie ***@***.***> wrote: Ok, but you're getting a JWT access token now? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#32 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AHXNMubGpXFS5Ov3U3JMH0i-AO7vbcQoks5r-tElgaJpZM4Nl92k> .

[chenkie]

Ok at this point it's probably best to send in a support request. It might be something specific to your account.

[Steven-Harris]

Ok, you got a link. I am seeing nothing but articles

…

On Mon, May 29, 2017 at 10:23 AM Ryan Chenkie ***@***.***> wrote: Ok at this point it's probably best to send in a support request. It might be something specific to your account. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#32 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AHXNMlhd1p1uk7F1NhWLUp6pCutnkpfmks5r-uLbgaJpZM4Nl92k> .

[chenkie]

Did you check https://support.auth0.com? If you have a plan that comes with support then you can open a ticket. Otherwise you can post something in the community form here: https://community.auth0.com/

[Steven-Harris]

Ok I have restarted everything and created a clean copy of the embedded login branch..
I have the follow urls in the "allowed callback" and "allowed cors"

http://localhost:4200/#/login, http://localhost:4200/#/callback,
http://localhost:4200/login,
http://localhost:4200/callback,
http://localhost:4200/*

I am just getting "Cross origin login not allowed." every time

[Steven-Harris]

CORS error is only happening on the custom login and not when using AuthLock

[chenkie]

Any other details that come with the error? @luisrudge is there anything you can suggest we try given the cross-origin error?

[Steven-Harris]

That is all I can find in the console error. It's not much to go on. Side note. Using the auth lock I still have the same result with the access_token. The access token is still not a JWT

…

On Tue, May 30, 2017 at 1:19 PM Ryan Chenkie ***@***.***> wrote: Any other details that come with the error? @luisrudge <https://github.com/luisrudge> is there anything you can suggest we try given the cross-origin error? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#32 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AHXNMq3fAdTzlvLrHVOCNmG-tPj0vXUYks5r_F2PgaJpZM4Nl92k> .