I am displaying some data on my website that is returned from a Node server. It worked perfectly until today. Now I am getting the error below on my server console when I go to my web page. I use Auth0 for signing in users.

    UnauthorizedError: invalid algorithm
        at C:\workspace\New\MyApp\node_modules\express-jwt\lib\index.js:100:22
        at C:\workspace\New\MyApp\node_modules\express-jwt\node_modules\jsonwebtoken\index.js:155:18
        at nextTickCallbackWith0Args (node.js:420:9)
        at process._tickCallback (node.js:349:13)

What could be the issue?
HS256 is less secure because it is symmetric (the same secret is shared between the client and server). See this question: RS256 vs HS256: What's the difference?
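You can maintain RS256 by using the node-jwks-rsa module to retrieve the signing key:

    import express from 'express'
    import jwt from 'express-jwt'
    import jwksRsa from 'jwks-rsa'

    const app = express()

    // Fetch the RS256 public signing key from the tenant's JWKS endpoint,
    // caching keys and rate-limiting requests to that endpoint.
    const secret = jwksRsa.expressJwtSecret({
      cache: true,
      rateLimit: true,
      jwksRequestsPerMinute: 5,
      jwksUri: 'https://<YOUR_AUTH0_DOMAIN>/.well-known/jwks.json',
    })

    // Validate signature, audience and issuer, accepting only RS256 tokens.
    const jwtCheck = jwt({
      secret: secret,
      audience: '<YOUR_AUTH0_AUDIENCE_OR_CLIENT_ID>',
      issuer: 'https://<YOUR_AUTH0_DOMAIN>/',
      algorithms: ['RS256'],
    })

    app.use(jwtCheck)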
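
As an added illustration (not part of the answer above and not code from express-jwt or jsonwebtoken), this sketch uses only Node's built-in crypto module to show the allowlist check behind the `invalid algorithm` message: a token whose header `alg` is not in the verifier's `algorithms` list is rejected before any key is used. The key pair, claims, shared secret and function names are constructed for the example.

```javascript
// Load node:crypto whether this file runs as CommonJS or as an ES module.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto')

const b64url = (value) => Buffer.from(value).toString('base64url')

// Build a compact JWS for the two algorithms discussed on this page.
function signToken(alg, key, payload) {
  const input = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`
  const signature = alg === 'RS256'
    ? nodeCrypto.sign('sha256', Buffer.from(input), key)
    : nodeCrypto.createHmac('sha256', key).update(input).digest()
  return `${input}.${signature.toString('base64url')}`
}

// Verify with a pinned allowlist: the header's alg is checked before any key is used.
function verifyToken(token, publicKey, algorithms) {
  const parts = token.split('.')
  if (parts.length !== 3) throw new Error('jwt malformed')
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'))
  if (!algorithms.includes(header.alg)) throw new Error('invalid algorithm')
  // Only RS256 verification is implemented in this sketch.
  if (header.alg !== 'RS256') throw new Error('unsupported algorithm')
  const ok = nodeCrypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    publicKey, Buffer.from(parts[2], 'base64url'))
  if (!ok) throw new Error('invalid signature')
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'))
}

// Constructed sample data: a throwaway key pair and two tokens with the same claims.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 })
  const claims = { sub: 'constructed-user', aud: 'constructed-audience' }
  const rsToken = signToken('RS256', privateKey, claims)
  const hsToken = signToken('HS256', 'constructed-shared-secret', claims)
  const attempt = (token, algorithms) => {
    try { return verifyToken(token, publicKey, algorithms).sub } catch (err) { return err.message }
  }
  return {
    rs256PinnedToRs256: attempt(rsToken, ['RS256']), // accepted
    hs256PinnedToRs256: attempt(hsToken, ['RS256']), // rejected by the allowlist
    rs256PinnedToHs256: attempt(rsToken, ['HS256']), // rejected by the allowlist
  }
}
```

Calling `demo()` returns the verified subject for the matching case and the error message for the two mismatched cases.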