403: {"detail": "Invalid issuer"}

[jessicalundin]

Hi I'm new to Auth0 and authentication. I worked through the tutorial[https://auth0.com/blog/build-and-secure-fastapi-server-with-auth0/] and keep getting a 403 error: {"detail":"Invalid issuer"}% when I use the command:

curl -X 'GET' \
  'http://127.0.0.1:8000/api/private' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>

I can run the sample commands within Auth0 to get the access token, so clearly this piece is working.

curl --request POST \
  --url https://dev-1mpoitrd3j6qadab.us.auth0.com/oauth/token \
  --header 'content-type: application/json' \
  --data '{"client_id":"<client_id>","client_secret":"<secret>","audience":"https://fastapiexample.com","grant_type":"client_credentials"}'

the .env file:

AUTH0_DOMAIN = XXX.auth0.com
AUTH0_API_AUDIENCE = https://fastapiexample.com
AUTH0_ISSUER = https://XXX.auth0.com
AUTH0_ALGORITHMS = RS256

Current thought is the JWT token is not working.

[jessicalundin]

Looks like one must have an enterprise account to have JWT tokens. Default is client secret.

[IanJempson]

@jessicalundin I had the same issue, but found the problem was my .env file.
change
AUTH0_ISSUER = https://XXX.auth0.com
to
AUTH0_ISSUER = https://XXX.auth0.com/
and it should work. At least that's where I found I was going wrong.