HS256 not supported

[namel]

authentication fails, console indicates error:
"invalid_token" "Algorithm HS256 is not supported. (Expected algs: [RS256])"

I found a workaround to this on issue: auth0/auth0.js#303

but since this is a sample app, it should work right out-of-the-box

[chenkie]

Hi @namel

Which sample in particular did you get the error in?

[namel]

it was on 01-Login

[chenkie]

Did you make any changes to the config in the AuthService? The reason I ask is that with the configuration that's there, it should force the ID token to be signed with RS256.

[namel]

No I did not. After applying the workaround described above, I'm now getting an error that the token is signed in the future, even though my time is set automatically over the network.

This could be related do my environment though? I'm on the Linux Subsystem for Windows. Another thing that fails on this environment is that the uniqid package fails (see microsoft/WSL#468)

[chenkie]

for issues with system clocks you can add the leeway option in your WebAuth config. I'd start with 5 seconds.

auth0 = new auth0.WebAuth({
  // ...
  leeway: 5
});

[chenkie]

Also can you check which "Client Type" you have set in the clients settings in the Auth0 dashboard?

[ssaso]

@namel choosing single-page-app in "Client Type" solved my problem

[sinedsem]

Yes!! To solve invalid_token error with description
Algorithm HS256 is not supported. (Expected algs: [RS256])
one should set "Client Type" at https://manage.auth0.com/#/clients to Single Page Application

[schwer]

Why does this work?