UnauthorizedError: invalid algorithm express-jwt

node.js auth0 json-web-token express-jwt
Bishan picture Bishan · Oct 5, 2016 · Viewed 8k times · Source

I am displaying some data on my website which returns from node server. It's works perfectly until today. Now I am getting below error on my server console when I go to my web page. I use Auth0 for signin in users.

UnauthorizedError: invalid algorithm
    at C:\workspace\New\MyApp\node_modules\express-jwt\lib\index.js:100:22
    at C:\workspace\New\MyApp\node_modules\express-jwt\node_modules\jsonwebtoken\index.js:155:18
    at nextTickCallbackWith0Args (node.js:420:9)
    at process._tickCallback (node.js:349:13)

What could be the issue?

Answer

Danny Sullivan picture Danny Sullivan · Aug 24, 2017

HS256 is less secure because it is symmetric, (the same secret is shared between the client and server). See this question: RS256 vs HS256: What's the difference?

You can maintain RS256 by using the node-jwks-rsa module to retrieve the signing key:

import jwt from 'express-jwt'
import jwksRsa from 'jwks-rsa'

const secret = jwksRsa.expressJwtSecret({
  cache: true,
  rateLimit: true,
  jwksRequestsPerMinute: 5,
  jwksUri: 'https://<YOUR_AUTH0_DOMAIN>/.well-known/jwks.json',
})

const jwtCheck = jwt({
  secret: secret,
  audience: <YOUR_AUTH0_AUDIENCE_OR_CLIENT_ID>,
  issuer: 'https://<YOUR_AUTH0_DOMAIN>/',
  algorithms: ['RS256'],
})

app.use(jwtCheck)

Related questions

CORS problems with Auth0 and React

I am currently trying implement Auth0 in my NodeJS + React App. This tutorial given is really good and helpful, though I have one big problem. Every time I try to login/register via Auth0 I get XMLHttpRequest cannot load https://…

Read More
Verifying Auth0 JWT throws invalid algorigthm

I have created an Auth0 client, I am logging in and receive this token: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik1rVkdOa1l5T1VaQ1JqTkRSVE5EUmtNeU5rVkROMEUyUTBVMFJrVXdPVEZEUkVVNU5UQXpOZyJ9.eyJpc3MiOiJodHRwczovL3RvdGFsY29tbW56LmF1LmF1dGgwLmNvbS8iLCJzdWIiOiJnb29nbGUtb2F1dGgyfDEwMzI5NzA4OTYyMTk5…

Read More
How do I update Node.js?

I did the following to update my npm: npm update npm -g But I have no idea how to update Node.js. Any suggestions? (I'm using Node.js 0.4.1 and want to update to Node.js 0.6.1.)

Read More