Token Signature could not be verified

I am new to Dreamfactory and working on my first app. I am using Auth0 for authentication, Angular 7/ Typescript 3.1.3 for the App. It appears to be successfully passing the jwt Id_token and proper headers with my http request to DF. I just cant seem to get past the error below.

  1. error:

  2. code: 401

  3. context: null

  4. message: “Invalid token: Token Signature could not be verified.”

Is there a setting in DF that I am not aware of? I appreciate the help and all the appropriate mocking I deserve. :slight_smile:

Hi @Chris,

This error is thrown when the Session Token is not passed correctly. Can you share more info of how you are passing it? Using this forum post as reference Invalid token: Token Signature could not be verified

Best,
Kevin McGahey

Thanks for the reply. Here is the code from my Auth.interceptor.

intercept(req: HttpRequest<any>,
          next: HttpHandler): Observable<HttpEvent<any>> {

    const idToken = localStorage.getItem("id_token");

    if (idToken) {

        const cloned = req.clone({
            setHeaders:{
  
              "Content-Type": "application/json",
              "X-Dreamfactory-Session-Token": idToken,
              "X-Dreamfactory-API-Key": this.globals.DREAMFACTORY_API_KEY
            }

        });

        return next.handle(cloned);
    }
    else {
        return next.handle(req);
    }
}

Here is the Header from the chrome dev tools.

So I validated that the Session-Token was passing correctly pulling the token from local storage and from the chrome dev headers above. Here is the decoded token.

  1. {iss: “https://liquidsoft.auth0.com/”, sub: “auth0|5bbc1ef95e09334d778a3e05”, aud: “CmFgMh0WHb8pJj5OoVVLfffP2rCCUuwZ”, iat: 1540340911, exp: 1540376911, …}

  2. at_hash: “U7Tvb9Sig91ebtE-6aMNeA”

  3. aud: “CmFgMh0WHb8pJj5OoVVLfffP2rCCUuwZ”

  4. exp: 1540376911

  5. iat: 1540340911

  6. iss: “https://liquidsoft.auth0.com/

  7. nonce: “N6D-DLyHAA2~6oZLOXievle4IBkegFGF”

  8. sub: “auth0|5bbc1ef95e09334d778a3e05”

Is the issue that the iss is different than site making the call?