Starting today, login is failing in the UI. On the login page we see the error “Git Gateway Error: [object Object]”. In the network tab the request returns 401 Unauthorized with the message “Invalid token: json: cannot unmarshal array into Go struct field GatewayClaims.aud of type string”.
This was working last night and began failing today, and we are not aware of any changes on our side. The project is quite old and has been in maintenance mode for several years.
Our initial suspicion is that the JWT token format has changed and the aud claim is now being sent as an array while the Git Gateway expects a string, which causes authentication to fail.
I too am seeing this issue accross multiple projects of mine, I’ve tried running through all the troubleshooting paces, regenerating the API key automatically, and manually. None of the github / netlify services related to this are showing down?
we are still not getting around this issue, we have started to setup our content publishers to use local git (which is not best for their non-technical workflows) but allows us to keep the wheel going
I’ve troubleshot the issue down to a bad JWT token. Even without audiences, Netlify will issue a token with { “sub”: string, “aud”: [ “” ], “exp”: number, “email”: string, “app_metadata”: { “provider”: “email” }, “user_metadata”: { “full_name”: string } }
The settings endpoint tries to read aud as a string, but it gets an array and doesn’t like that.
Workaround that I discovered is setting GOTRUE_JWT_AUD with the name/domain of your site. This seems to force Netlify to think there is a single audience and not send aud with an array containing an empty string. This can be set in the UI and the runtime will pick it up without redeployment.
If you want to check your token, you can use
const user = window.netlifyIdentity?.currentUser(); if (user) { user.jwt().then(token => console.log(‘Token:’, token)); }
And then copy/paste the token into https://jwt.io (of course, reset your token after)
We’re happy to confirm that there was an earlier issue affecting Netlify Identity which impacted authentication behavior. Our Engineering team has since identified and resolved the problem, and the service has been restored.
Grateful for the fast resolution and response!! @hillary
Try this Toggle Git Gateway: Go to Site Settings > Identity > Services. Disable Git Gateway and then immediately re-enable/re-connect it. This often forces the backend to provision a version that understands the new token format.
Update the CMS: If you’re still using the netlify-cms package, it’s deprecated. Swap it for Decap CMS (the modern fork). This version has the logic to handle the new aud array.
CDN: Change netlify-cms@^2.0.0 to decap-cms@^3.0.0.
