auth0 / node-oauth2-jwt-bearer

Monorepo for libraries that protect Node APIs with OAuth2 Bearer JWTs
MIT License

InvalidTokenError: Failed to fetch authorization server metadata #132

Open SaiMadhav9494 opened 9 months ago

SaiMadhav9494 commented 9 months ago

Description

I have been using this library to validate access tokens and recently started to get a 401 error saying Failed to fetch authorization server metadata.

As I started to dig into the library code, I found out that the discovery method is failing to fetch the OpenID and OAuth configs.

Note: I have verified my issuer URL and it seems to be good.

Pasting the error being thrown inside the catch block of the discover method:

AggregateError: 
    at internalConnectMultiple (node:net:1114:18)
    at internalConnectMultiple (node:net:1177:5)
    at Timeout.internalConnectMultipleTimeout (node:net:1687:3)
    at listOnTimeout (node:internal/timers:575:11)
    at processTimers (node:internal/timers:514:7) {
  code: 'ETIMEDOUT',
  [errors]: [
    Error: connect ETIMEDOUT 104.19.167.24:443
        at createConnectionError (node:net:1634:14)
        at Timeout.internalConnectMultipleTimeout (node:net:1685:38)
        at listOnTimeout (node:internal/timers:575:11)
        at processTimers (node:internal/timers:514:7) {
      errno: -110,
      code: 'ETIMEDOUT',
      syscall: 'connect',
      address: '104.19.167.24',
      port: 443
    },
    Error: connect ENETUNREACH 2606:4700::6813:a718:443 - Local (:::0)
        at internalConnectMultiple (node:net:1176:40)
        at Timeout.internalConnectMultipleTimeout (node:net:1687:3)
        at listOnTimeout (node:internal/timers:575:11)
        at processTimers (node:internal/timers:514:7) {
      errno: -101,
      code: 'ENETUNREACH',
      syscall: 'connect',
      address: '2606:4700::6813:a718',
      port: 443
    },
    Error: connect ETIMEDOUT 104.19.168.24:443
        at createConnectionError (node:net:1634:14)
        at Timeout.internalConnectMultipleTimeout (node:net:1685:38)
        at listOnTimeout (node:internal/timers:575:11)
        at processTimers (node:internal/timers:514:7) {
      errno: -110,
      code: 'ETIMEDOUT',
      syscall: 'connect',
      address: '104.19.168.24',
      port: 443
    },
    Error: connect ENETUNREACH 2606:4700::6813:a818:443 - Local (:::0)
        at internalConnectMultiple (node:net:1176:40)
        at Timeout.internalConnectMultipleTimeout (node:net:1687:3)
        at listOnTimeout (node:internal/timers:575:11)
        at processTimers (node:internal/timers:514:7) {
      errno: -101,
      code: 'ENETUNREACH',
      syscall: 'connect',
      address: '2606:4700::6813:a818',
      port: 443
    }
  ]
}

I assume the timeout (5000 ms) specified inside the fetch method is causing it to fail and throw, because when I tried to fetch the OpenID configs using curl with the specific URL https://{issuer_base_url}/.well-known/openid-configuration, I was able to get the configs.

Reproduction

  1. Generate an auth0 access token and append to the authorization header of the request: authorization: Bearer access_token.
  2. Use the express-oauth2-jwt-bearer library to validate the token.
    
    import { auth as auth0 } from 'express-oauth2-jwt-bearer';
    import { promisify } from 'util';

    async validateAuth0Token(req: Request, res: Response) {
      const validateToken = promisify(
        auth0({
          issuerBaseURL: ISSUER_BASE_URL,
          audience: AUDIENCE,
          tokenSigningAlg: 'RS256',
        }),
      );

      await validateToken(req, res);
    }

Additional context

No response

express-oauth2-jwt-bearer version

1.6.0

Node.js version

20.10.0

SaiMadhav9494 commented 9 months ago

Tried removing the timeoutDuration and still getting the same error.

Also tried this package and getting the same error. Not sure if I need to bring this up with the Auth0 community.

abhi07sh commented 4 months ago

Any solution for this?

walosha commented 4 months ago

same issue

abhi07sh commented 4 months ago

I solved it by setting NODE_TLS_REJECT_UNAUTHORIZED to 0

walosha commented 4 months ago

I solved it by setting NODE_TLS_REJECT_UNAUTHORIZED to 0

just again this morning and it worked. no changes made to my app
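
An added example (not code from this thread or from express-oauth2-jwt-bearer) that walks an AggregateError like the one in the first post and reports which layer each connection attempt failed at, along with whether NODE_TLS_REJECT_UNAUTHORIZED is set to 0 in the environment. The function names, the grouping of codes into layers and the sample error are assumptions of this example; the sample is constructed from the trace above.

```javascript
// Added example. Codes are real Node.js error codes; the grouping into layers is this example's own.
const LAYERS = {
  network: ['ETIMEDOUT', 'ENETUNREACH', 'EHOSTUNREACH', 'ECONNREFUSED', 'ECONNRESET'],
  dns: ['ENOTFOUND', 'EAI_AGAIN'],
  tls: ['UNABLE_TO_VERIFY_LEAF_SIGNATURE', 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY',
    'SELF_SIGNED_CERT_IN_CHAIN', 'DEPTH_ZERO_SELF_SIGNED_CERT',
    'CERT_HAS_EXPIRED', 'ERR_TLS_CERT_ALTNAME_INVALID'],
};

function layerOf(code) {
  const hit = Object.entries(LAYERS).find(([, codes]) => codes.includes(code));
  return hit ? hit[0] : 'other';
}

// Collect every error reachable through AggregateError.errors or a .cause chain.
function flattenErrors(err, out = []) {
  if (!err || out.includes(err)) return out;
  out.push(err);
  if (Array.isArray(err.errors)) err.errors.forEach((e) => flattenErrors(e, out));
  if (err.cause) flattenErrors(err.cause, out);
  return out;
}

function classifyDiscoveryError(err, env = process.env) {
  // Keep only leaf errors: the per-address attempts, not the aggregate wrapper.
  const leaves = flattenErrors(err).filter((e) => e.code && !Array.isArray(e.errors));
  const attempts = leaves.map((e) => ({ code: e.code, address: e.address, layer: layerOf(e.code) }));
  const layers = [...new Set(attempts.map((a) => a.layer))];
  return {
    attempts,
    layers,
    // True only when at least one attempt failed certificate validation.
    certificateRelated: layers.includes('tls'),
    // The process-wide switch that turns off certificate checks for all HTTPS requests.
    tlsVerificationDisabled: env.NODE_TLS_REJECT_UNAUTHORIZED === '0',
  };
}

// Constructed sample shaped like the first two attempts in the trace above.
function sampleError() {
  const mk = (code, address) =>
    Object.assign(new Error(`connect ${code} ${address}:443`), { code, syscall: 'connect', address, port: 443 });
  const agg = new AggregateError([mk('ETIMEDOUT', '104.19.167.24'), mk('ENETUNREACH', '2606:4700::6813:a718')]);
  agg.code = 'ETIMEDOUT';
  return agg;
}

console.log(classifyDiscoveryError(sampleError()));
```

For the sample, both attempts land in the network layer: the `connect` syscall failed, so no TLS handshake was started.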