Auth0 with graphql

I have configured an external Auth0 accessProvider as explained in

I can successfully access the db with my Auth0 access-token using fauna-shell.
However when I try to execute a graphql request from my browser application using an Auth0 access-token I get following response from fauna:

200 OK
{“errors”:[{“message”:“Invalid database secret.”}]}

Is usage of an external accessprovider working for graphql?
I’m happy to share config/implementation details if necessary

1 Like

Hi @unibit - welcome to the forums!

AccessProviders are indeed working with GraphQL. The first thing I’d check - did you create your database in one of the US or EU Region Groups? If so, you’ll need to make sure that your GraphQL client is pointing to the correct GraphQL endpoint for your region group.

Hi @unibit,

Rob is right about region groups needing to be set explicitly. Just to make sure nothing else is happening can you share your connection config in your GraphQL app?
Make sure to obfuscate or remove the actual auth token, we don’t need that (and it should never be posted publicly).


@rob @ldavuluri thanks for your reaction.

It was indeed the wrong region endpoint configured in my client.
The ‘invalid database secret’ error has gone but now getting a Permission Denied response.
I think it is not related to the Auth0 config, since I also get the same result when I use a plain secret fauna key. However when I create a key for Admin role then I get successfully my response.
So will deeper look to the permission config for the sample DB

1 Like

Hi @unibit ,

Thank you for the update.

That does sound like a permission issue.

Are you using ABAC?

We can help with debugging the issue. Can you please share the following -

  • GraphQL schema
  • role(s) definition
  • details on the query/function that is returning the error


Hi @ldavuluri ,

I’m currently using the default demo database to try things out.
The query I’m executing is


The auth0 access provider is attributed with the manager role, which according to the ABAC rules is permitted to read the orders collection

Hi @unibit,

The manager role in the default demo database does not have read access to the index all_orders. It has read access defined for the collection orders but not for the index.

If you add the privilege granting read access to that index to the manager role, your query should work.