I was attempting to implement the user-profile from chapter 5 and it just does not work.After running the Lambda function i get this:

Failed jwt verification: { [JsonWebTokenError: invalid signature] name: 'JsonWebTokenError', message: 'invalid signature' } auth: Bearer


2017-01-25T00:57:31.287Z 3f67a758-e299-11e6-a424-e1f21707f576
"errorMessage": "Authorization Failed"

after looking at the script, it appears to be decoding base 64 and some more digging around I found that Auth0 does not use base64 encoding for client secret keys generated anymore (after Dec 6 2016).. Here is the thread.


Is that correct? if so could you please post updated code


Update: Changing this line from using base64 to utf8 worked for me in both user-profile and customer-authorizer Lambda functions. Hope this helps someone else.

var secretBuffer = new Buffer(env.AUTH0_SECRET, 'utf8');

I was trying to complete exercise 3.2 item 2 - delete invalid files off a S3 bucket. I cannot figure out why the code below does not work. the role has the correct inline policy (plus i have opened it right up for s3 admin rights to test). I have checked the cloudwatch logs and the function reports that the file has been deleted as below in the js code

but no matter what i do i cannot delete a file off the s3 bucket.

I am fairly sure the below code and permissions are correct - so was wondering if anyone has had a similar problem - or am I missing something. This is a great book and really like the challenge exercises.

IAM policy found on the net

"Statement": [
"Sid": "Stmt1423535846414",
"Action": [
"Effect": "Allow",
"Resource": "arn:aws:s3:::mybucket-name/*"




var s3 = new AWS.S3();

function deleteS3object(ObjName) { // Delete files of invalid extensions , but currently not working???
var objectName = ObjName;
console.log("s3 Object Name:" + ObjName);

var params = {
Bucket: 'mybucket-name' ,
Key: '/' + objectName
s3.deleteObject(params, function (err, data) {
if (data) {
console.log("File deleted");
else {
console.log("Error file NOT deleted: "+err);