Right now I believe I have most things set up correctly. Auth0 is saving the JWT to the client, which then uses it for future requests. I use express-jwt to verify the token. From reading the Auth0 docs, I think I need the client secret (when I use that to decode the JWT I get an odd error: UnauthorizedError: error:0906D06C:PEM routines:PEM_read_bio:no start line). So I'm just wondering whereabouts this secret key comes from?
Thanks
Current code, which just decodes the JWT into its signing scheme etc.:
const jwt = require('express-jwt');   // verifies the token and attaches the verified payload to the request
const jwks = require('jwks-rsa');     // fetches the RS256 public key matching the token's `kid` from the tenant's JWKS

const jwtCheck = jwt({
  secret: jwks.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: 'https://xelitexirish.eu.auth0.com/.well-known/jwks.json'
  }),
  audience: 'https://www.shaunoneill.com',
  issuer: 'https://xelitexirish.eu.auth0.com/',
  algorithms: ['RS256']
});
Based on the comment from OP, to read the values of the body of a JWT, simply base64-decode it. You can use a library for this, e.g. jwt-decode for Node.js.
See example usage below (taken from the lib's README):
var jwtDecode = require('jwt-decode');
var token = 'eyJ0eXAiO.../// jwt token';   // the token as received (placeholder kept from the README)
// jwtDecode only base64-decodes the payload; it does NOT check the signature,
// so call it only on a token that has already been verified (e.g. by express-jwt).
var decoded = jwtDecode(token);
console.log(decoded);
/* prints:
 * { foo: "bar",
 *   exp: 1393286893,
 *   iat: 1393268893 }
 */
The claims that will be in your token (here, referring to the ID Token) depend on what scope you provided when you authenticated. For instance, if you use scope: openid profile email, you will get everything returned inside your ID Token.
Here, it is assumed the JWT was verified using a library, and now that you have the JWT you'd like to read some of its claims from the body.