omniauth-auth0 is vulnerable to authorization bypass. The vulnerability exists through a regression made in code that validates JWT token signatures, where it is possible to bypass authentication and authorization when the default Authorization Code Flow is not used.