Auth0 generates a JWT in the local environment and a JWE in production (Next.js)

Question

I am using Auth0 for authentication in my Next.js app with an Express.js API backend. Everything works fine in my local environment, but when I deploy my application to production, I encounter authentication issues.

When I request an access token from Auth0 in my local environment, I receive a JWT (JSON Web Token), which works as expected. However, when I request an access token from Auth0 in my production environment, I receive a JWE (JSON Web Encryption) token instead. This causes authentication problems, as my backend expects a JWT token.

I have double-checked my environment variables and Auth0 settings, but I cannot find the cause of this discrepancy. How can I ensure that Auth0 generates a JWT access token in both my local and production environments?

My JWT check in the backend:

const { auth } = require('express-oauth2-jwt-bearer');
// Validates the bearer token as an RS256-signed JWT against the issuer's JWKS
// and checks issuer and audience. An encrypted (JWE) or opaque token fails here.
const jwtCheck = auth({
  audience: process.env.AUTH0_AUDIENCE,
  issuerBaseURL: process.env.AUTH0_ISSUER_BASE_URL,
  tokenSigningAlg: 'RS256'
});

My Auth0 connection in the frontend:

// Server-side configuration of the Auth0 Next.js SDK. The audience decides
// which API the access token is issued for; the secret encrypts the session cookie.
const auth0 = initAuth0({
    scope: 'openid profile email offline_access',
    audience: process.env.AUTH0_AUDIENCE,
    issuerBaseURL: process.env.AUTH0_ISSUER_BASE_URL,
    baseURL: process.env.AUTH0_BASE_URL,
    clientID: process.env.AUTH0_CLIENT_ID,
    clientSecret: process.env.AUTH0_CLIENT_SECRET,
    secret: process.env.AUTH0_SECRET
});

Any help would be greatly appreciated.
Thanks

I've verified my env variables in both environments and everything seems fine (to me at least).

UPDATE:
I've noticed something interesting in my local env. I replaced all the process.env references in my initAuth0 with the actual values from my .env file, and then removed the .env file. The auth connection is made, but I receive a JWE instead of a JWT. This is my production issue.

const auth0 = initAuth0({
    scope: 'openid profile email offline_access',
    audience: "***",
    issuerBaseURL: "***",
    baseURL: "http://localhost:3000",
    clientID: "***",
    clientSecret: "***",
    secret: "****"
});

But if I add AUTH0_AUDIENCE="***" in my .env file and keep all the values in initAuth0 (without the process.env, just the actual values), I get the correct JWT and everything works. Again, I'm talking about locally.

It seems like when trying to retrieve the JWT with getAccessToken(), the AUTH0_AUDIENCE is automatically accessed and therefore needed by Auth0. Again this works locally but not in production.
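The question turns on the difference between the two token shapes the asker saw. The following is an added example written for this page by the editor, not code from the original post or from Auth0's SDKs: it classifies a bearer token by its compact serialization so a backend can log clearly whether it received a signed JWT (a JWS: three segments, header with `alg` and no `enc`) or a JWE (five segments, header with `enc`) before a verifier like express-oauth2-jwt-bearer rejects it. The issuer, audience, key id and the signature/ciphertext segments are constructed placeholders; nothing is verified or decrypted.

```javascript
// Added example (editor's code, not from the original post). Classifies a
// compact-serialized token by shape before it reaches an RS256 verifier.
// It does NOT verify signatures or decrypt anything; it only answers
// "is this a signed JWT the middleware can check, or a JWE/opaque token
// that will be rejected?"
//
// Constructed sample data: the issuer, audience, key id, signature and
// ciphertext segments below are placeholders, not real Auth0 output.

function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64url');
}

function decodeJson(segment) {
  return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
}

// Three-segment JWS: header.payload.signature. An RS256 backend can verify this.
const SAMPLE_JWS = [
  b64url({ alg: 'RS256', typ: 'JWT', kid: 'example-key' }),
  b64url({ iss: 'https://example.auth0.com/', aud: 'https://api.example.com',
           sub: 'auth0|123', exp: 4102444800 }),
  'c2lnbmF0dXJl', // dummy signature
].join('.');

// Five-segment JWE: header.encryptedKey.iv.ciphertext.tag. The header carries "enc".
const SAMPLE_JWE = [
  b64url({ alg: 'dir', enc: 'A256GCM', iss: 'https://example.auth0.com/' }),
  '',               // empty encrypted-key segment for alg "dir"
  'aXY',            // dummy IV
  'Y2lwaGVydGV4dA', // dummy ciphertext
  'dGFn',           // dummy tag
].join('.');

// Unsigned JWS with alg "none": the shape is right but it must never be accepted.
const SAMPLE_ALG_NONE = [b64url({ alg: 'none' }), b64url({ sub: 'auth0|123' }), ''].join('.');

// Opaque token: a random string with no segments at all.
const SAMPLE_OPAQUE = 'e7a9c0f3d2b14e8f';

function classifyToken(token, expectedAlg = 'RS256') {
  if (typeof token !== 'string') return { kind: 'invalid', reason: 'token is not a string' };
  const parts = token.split('.');
  let header;
  try {
    header = decodeJson(parts[0]);
  } catch {
    return { kind: 'invalid', reason: 'header is not base64url-encoded JSON' };
  }
  if (parts.length === 5 && typeof header.enc === 'string') {
    // Encrypted token: a JWS verifier has no key to decrypt it, so RS256 checks fail.
    return { kind: 'JWE', alg: header.alg, enc: header.enc, verifiable: false };
  }
  if (parts.length === 3 && typeof header.alg === 'string' && header.enc === undefined) {
    let payload;
    try {
      payload = decodeJson(parts[1]);
    } catch {
      return { kind: 'invalid', reason: 'payload is not base64url-encoded JSON' };
    }
    return {
      kind: 'JWS',
      alg: header.alg,
      iss: payload.iss,
      aud: payload.aud,
      // Only the algorithm the backend is pinned to counts as verifiable;
      // "none" and HS256 are refused by an RS256-only configuration.
      verifiable: header.alg === expectedAlg,
    };
  }
  return { kind: 'invalid', reason: `unexpected segment count ${parts.length}` };
}

// Usage: print one classification per constructed sample token.
for (const [name, token] of Object.entries({ SAMPLE_JWS, SAMPLE_JWE, SAMPLE_ALG_NONE, SAMPLE_OPAQUE })) {
  console.log(name, classifyToken(token));
}
```

Pinning `expectedAlg` mirrors the `tokenSigningAlg: 'RS256'` setting in the asker's backend: a token whose header says `none` or `HS256` has the right shape but is still refused, and a JWE cannot be checked by a JWS verifier at all, which is the failure the asker describes. Logging this classification on the API side makes "token present but wrong kind" distinguishable from "token missing" or "signature invalid" when the same code behaves differently across deployments.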

Answer 1

Score: 0

In Next.js, because of how env files are protected, if you want to read an env variable on the client you have to prefix every variable name with NEXT_PUBLIC, like this:

Instead of AUTH0_AUDIENCE you must use NEXT_PUBLIC_AUTH0_AUDIENCE

Answer 2

Score: 0

OK, I've found a way to fix this: I deployed my app to Vercel instead of AWS Amplify. I didn't change anything in the config and it worked.

I'm really curious if anyone has an idea on what I did wrong on AWS.

Posted by huangapple on 2023-04-17 02:34:00
Please keep this link when reposting: https://go.coder-hub.com/76029650.html