Verify Auth0 token in Worker Cloudflare

user13360 · April 14, 2022, 7:05am

'm using auth0 for login after successful login user gets access token, in some backend functions we need to verify token and if successful grant access to function otherwise reject it. I copied public key from auth0 dashboard->advanced settings->certificates since library jwks-rsa isn’t working at all in worker. Here is my code:

const publicKey =`
    MIIDIzCC.....faMQkU`
    const options = {
    audience: ['clientID'],
    issuer: [
      'https://MYDOMAIN/',
    ],
    algorithms: ['RS256'],
  }
  const token =
    'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtp.....Nhe08A'

  jwt.verify(token, publicKey, options, (err, decoded) => {
    if (err) {
      console.log('jwt validation error', err)
    } else {
      console.log('verified token', decoded)
    }
  })

I only have error which says error Anyone idea what I’m doing wrong here?

the · May 9, 2022, 11:47pm

Hey @user13360

I did find (via another outlet) an (now) unpublished Auth0 workers tutorial available via the Wayback Machine here. This might help.

connorads · June 27, 2022, 2:16pm

FYI: Apparently there is a security issue in the code in the archived docs linked by @the
#4016 in Cloudflare-docs repo on GitHub (I can’t post links )

the · June 28, 2022, 7:11am

Great find @connorads!

@lukeed does mention re-adding when fixed which I guess isn’t yet complete.