authToken invalid

I am working on a free version of Xano and possibly found a bug in the last 24hrs. I have an /auth/signup route that originally provided valid JWT tokens but today Xano is returning tokens that are invalid, such as this one:
eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwiemlwIjoiREVGIn0.Y0xtw-663tJxsAyLIRj4j2h2SJsoQJmsVqmnYK5AaQft1omsahuJYnpNcQya3PukRnM9qT7SzZptt3V1dk2Sq5pmu4AgVxUq.2A4RZmqZ-MG7iy8N3aPz7w.8InEOZ1T9n3XIrF0ZzXpItNrtYzeRsAq8kNRfmr9Ov9UEgdidX5LnQJa7snL-iSQb3Wq72wP-hhCbmwNsb7glXDTdgC9JHtrMb6tQpz1xMXh7TUPFritoHyeAo2GNgbAP_YmmhLGH_kGV2amd9OaVpKJOZJP6urVEKWyB5kx41A.d7fCUFHSKdu6qjlyVHoDRtv0MFKKyAS2Q2MS5OMb-yk

the original input was:

{ "username": "hellodear", "email": "hellodear@hellodear.com", "password": "password1"}

Has anyone else experienced this? If so, how to resolve?

Best Answer

  • Michael Udinski Administrator, Answer ✓

    Hi @miacias - sorry, I was a bit confused. You said the token was invalid, I assumed you meant when using this on an authenticated endpoint. Now I see you're trying to decode the Xano authToken in jwt.io - since we don't expose the secret you won't be able to decode it in a third-party source.

    It's only used for the Xano authentication engine. If you wish to produce tokens that can be decoded from external sources, you can leverage our JWE or JWS encode functions (note: these will not be supported in the Xano authentication engine).
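The distinction the answer draws can be checked from the token's shape alone. The sketch below is an added example, not Xano code and not part of the original thread: it reads the protected header of a compact token and reports whether it is a signed JWS (three segments, readable claims) or an encrypted JWE (five segments, claims are ciphertext). The header segment is copied from the token in the question; the function names, the placeholder segments and the contrasting JWS sample are constructed for illustration.

```javascript
// Added example (not Xano code): classify a compact JOSE token by its shape.
// Header segment copied from the token in the question; the other four
// segments are constructed placeholders, since only their count matters here.
const XANO_HEADER_SEGMENT =
  "eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwiemlwIjoiREVGIn0";
const SAMPLE_JWE = [XANO_HEADER_SEGMENT, "a2V5", "aXY", "Y3Q", "dGFn"].join(".");

function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return Buffer.from(b64, "base64").toString("utf8");
}

function b64urlEncode(obj) {
  return Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Constructed signed token (JWS) for contrast; the signature is a placeholder.
const SAMPLE_JWS = [
  b64urlEncode({ alg: "HS256", typ: "JWT" }),
  b64urlEncode({ sub: "42", exp: 1700000000 }),
  "c2ln",
].join(".");

function inspectToken(token) {
  const parts = String(token).split(".");
  let header;
  try {
    header = JSON.parse(b64urlDecode(parts[0]));
    if (!header || typeof header !== "object") throw new Error("not an object");
  } catch (err) {
    return { kind: "unknown", reason: "first segment is not base64url JSON" };
  }
  if (parts.length === 5 && header.enc) {
    // JWE layout: header.encryptedKey.iv.ciphertext.tag
    return { kind: "JWE", header, claims: null,
      reason: "claims are ciphertext; only the key holder can read them" };
  }
  if (parts.length === 3) {
    // JWS layout: header.payload.signature
    let claims;
    try { claims = JSON.parse(b64urlDecode(parts[1])); } catch { claims = null; }
    return { kind: "JWS", header, claims,
      reason: "claims are readable; verify the signature before trusting them" };
  }
  return { kind: "unknown", header, reason: `unexpected segment count: ${parts.length}` };
}

console.log(inspectToken(SAMPLE_JWE)); // header: A256KW / A256CBC-HS512 / DEF
console.log(inspectToken(SAMPLE_JWS));
```

For the token in the question the header reports `alg: A256KW`, `enc: A256CBC-HS512` and `zip: DEF`, so the claims are compressed and encrypted rather than merely base64url-encoded, which is why a decoder that expects a signed JWT shows binary garbage for the second segment.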

Answers

  • Pawel Magdanski Member ✭✭✭

    Hi, can you show your function stack? Especially the function where the token is being created.

  • miacias Member

  • Michael Udinski Administrator

    @miacias - do you have multiple tables with authentication enabled?

  • miacias Member

    Hi Michael, I have multiple tables, but only the user table has authentication enabled. My user table's api has /auth/login, /auth/me, and /auth/signup. I've only been testing /api/signup so far and originally had valid tokens returned before today. Thanks so much

  • Michael Udinski Administrator

    @miacias can you please record a Loom video showing and explaining the issue?

  • miacias Member

    Thank you Michael. I hope this video shows the issue adequately. What you will see is that I am testing a user table with username, email, and password in an attempt to return an authToken JWT. I believe that the function for /auth/signup is unchanged from the premade Xano default; however, the authToken being returned is invalid, possibly because the encryption being used is not base64.

    https://www.loom.com/share/b205efc897c44ef68f2e7fb9ef5fdcf6

  • andyatnyc Member

    The authToken could be decoded in jwt.io in Jan or Feb. However, I tried the authToken in jwt.io recently and it shows the same error, while the authToken is still valid in Xano's API calls and works fine.

    I do not know why, but it seems the change by Xano just adds a layer of complexity.

  • miacias Member

    Thanks for the feedback Andy. What is strange to me is that I was originally using the `import decode, { JwtPayload } from 'jwt-decode';` package this month and getting correct values very recently, and that now it is no longer working. What tools do you use to decode?

    JWT.io returns things that look like this, which might contain ascii or unicode? I'm not sure how to handle this:

    `"cLm�����q�\f�!\u0018��hvH�(@��V��`�@i\u0007�։�j\u001b�bzMq\f����Fs=�>�͚m�uuvM���f�� W\u0015*"`

  • miacias Member

    Thanks so much Michael. That answers my question! I appreciate all your help. Have a great one

  • Michael Udinski Administrator

    Awesome! No problem