You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Decoding only the payload to get the user_id (sub) should be enough (in particular because if the token is not valid, the auth0 api will answer with a 401).
This way we avoid issues if the customer uses RS256 as signing method.
The text was updated successfully, but these errors were encountered:
There is no need to verify the token at this point (since it comes from auth0 server using code response type).
https://github.com/auth0/wp-auth0/blob/master/lib/WP_Auth0_LoginManager.php#L246
Decoding only the payload to get the user_id (sub) should be enough (in particular because if the token is not valid, the auth0 api will answer with a 401).
This way we avoid issues if the customer uses RS256 as signing method.
The text was updated successfully, but these errors were encountered: