Getting a 401 Unauthorized when hitting our custom backend API from a React app, even though the Genesys Cloud implicit grant flow works fine for UI rendering.
The issue is validating the ID token on the server side. I’m using the jwt-decode library in React to pass the token, but the backend validation logic throws an error about the signature.
```js
// Backend validation
const jwt = require('jsonwebtoken');
const decoded = jwt.verify(token, publicKey, { algorithms: ['RS256'] });
```
The error is:
```
JsonWebTokenError: invalid signature
```
I grabbed the JWKS from https://platform.devtest.genesys.cloud/.well-known/jwks.json. The kid matches. The token decodes fine in jwt.io using the public key. But the code fails.
Is there something specific about the Genesys Cloud implicit grant tokens that requires a different verification step? Or am I missing a claim check? The token has the iss claim set to https://platform.devtest.genesys.cloud/oauth2/token.
Tried:
- Checking expiry (`exp`)
- Verifying `iss` matches
- Using the correct `kid`
Nothing works. The signature just won’t verify in code.