Auth0 with graphql

I have configured an external Auth0 accessProvider as explained in https://docs.fauna.com/fauna/current/security/external/auth0

I can successfully access the db with my Auth0 access-token using fauna-shell.
However, when I try to execute a GraphQL request from my browser application using an Auth0 access-token, I get the following response from Fauna:

200 OK
{"errors":[{"message":"Invalid database secret."}]}

Is usage of an external accessprovider working for graphql?
I’m happy to share config/implementation details if necessary


Hi @unibit - welcome to the forums!

AccessProviders are indeed working with GraphQL. The first thing I’d check - did you create your database in one of the US or EU Region Groups? If so, you’ll need to make sure that your GraphQL client is pointing to the correct GraphQL endpoint for your region group.

Hi @unibit,

Rob is right about region groups needing to be set explicitly. Just to make sure nothing else is happening can you share your connection config in your GraphQL app?
Make sure to obfuscate or remove the actual auth token, we don’t need that (and it should never be posted publicly).

-Lavanya

@rob @ldavuluri thanks for your reaction.

It was indeed the wrong region endpoint configured in my client.
The ‘invalid database secret’ error has gone, but now I am getting a Permission Denied response.
I think it is not related to the Auth0 config, since I also get the same result when I use a plain secret Fauna key. However, when I create a key for the Admin role, I successfully get my response.
So I will look deeper into the permission config for the sample DB.


Hi @unibit ,

Thank you for the update.

That does sound like a permission issue.

Are you using ABAC?

We can help with debugging the issue. Can you please share the following -

  • GraphQL schema
  • role(s) definition
    Get(Role("role_name"))
  • details on the query/function that is returning the error

Thanks!

Hi @ldavuluri ,

I’m currently using the default demo database to try things out.
The query I’m executing is

{
   allOrders{data{creationDate}}
}

The Auth0 access provider is attributed with the manager role, which according to the ABAC rules is permitted to read the orders collection.

Hi @unibit,

The manager role in the default demo database does not have read access to the index all_orders. It has read access defined for the collection orders but not for the index.

If you add the privilege granting read access to that index to the manager role, your query should work.
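
The diagnosis in the last reply, as an added example that is not part of the thread: a small check that compares a role's read privileges with the resources a query touches and adds only the missing grants. The role object is a constructed, simplified stand-in for the output of Get(Role("manager")), and the function names and string form of the resources are assumptions made for illustration.

```javascript
// Added example, not from the thread. The role object is a constructed,
// simplified stand-in for what Get(Role("manager")) returns; resources are
// written as plain strings instead of Fauna refs.
const managerRole = {
  name: "manager",
  privileges: [{ resource: "Collection(orders)", actions: { read: true } }],
};

// Per the answer above, allOrders needs read on the index and on the collection.
const allOrdersNeeds = ["Index(all_orders)", "Collection(orders)"];

// "granted" for read: true, "conditional" when read is a predicate (represented
// here as any non-boolean value), "missing" otherwise.
function readAccess(role, resource) {
  const priv = (role.privileges || []).find((p) => p.resource === resource);
  const read = priv && priv.actions ? priv.actions.read : undefined;
  if (read === true) return "granted";
  if (read === undefined || read === null || read === false) return "missing";
  return "conditional";
}

// Resources from `needed` that the role cannot read at all.
function missingReads(role, needed) {
  return needed.filter((r) => readAccess(role, r) === "missing");
}

// Returns a copy of the role with read added only for the missing resources.
// Existing privileges (other actions, predicates) are kept exactly as they are.
function withReadGrants(role, needed) {
  const missing = missingReads(role, needed);
  const privileges = (role.privileges || []).map((p) =>
    missing.includes(p.resource)
      ? { ...p, actions: { ...p.actions, read: true } }
      : p
  );
  for (const r of missing) {
    if (!privileges.some((p) => p.resource === r)) {
      privileges.push({ resource: r, actions: { read: true } });
    }
  }
  return { ...role, privileges };
}

const fixedRole = withReadGrants(managerRole, allOrdersNeeds);
console.log("missing before:", missingReads(managerRole, allOrdersNeeds));
console.log("missing after: ", missingReads(fixedRole, allOrdersNeeds));
```

Running the same check against each role attached to an access provider shows which grants a query needs without falling back to an Admin key.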