Invalid access token with jwt-api

[AJNandi]

I'm unable to get the jwt-api example working when using the example react client and the example bun authorizer. I've reproduced the error in this repo. https://github.com/AJNandi/openauth-invalid-jwt-repro Steps in readme.

My jwt-api authToken verification is failing with a message Invalid access token.

I'm using OpenAuth 0.2.6.

The only changes I made to the example code:

• Uses pnpm to organize the code as a monorepo
• Moves subjects into a package /packages/shared-auth that is imported as @repo/shared-auth

Is there some config error with my api server or authorizer? Is the client not creating the jwt correctly? Login/auth flow works fine, but the jwt isn't getting verified in the jwt-api.

The only issue I could think of is:
In the react example the client.authorize call differs from the readme. The react example uses the "code" response:

openauth/examples/client/react/src/App.tsx

Line 61 in 131c552

"code",

But the ReadMe says to use the "token" response In cases where you do not have a server:

openauth/README.md

Line 267 in 131c552

In cases where you do not have a server, you can use the `token` flow with `pkce` on the frontend.

Any help appreciated!

[beeirl]

can you console.log the Authorization header to check if it contains a valid jwt?

[AJNandi]

Logged the header and the jwt looks fairly normal, but I'm new to jwts so I am not sure.

I pasted it into the jwt.io explorer and it says invalid token, and the verify signature section is missing.

I can comment the full token here if needed unless that is not advised.