Auth0 with graphql

unibit · September 17, 2021, 12:10pm

I have configured an external Auth0 accessProvider as explained in https://docs.fauna.com/fauna/current/security/external/auth0

I can successfully access the db with my Auth0 access-token using fauna-shell.
However when I try to execute a graphql request from my browser application using an Auth0 access-token I get following response from fauna:

200 OK
{“errors”:[{“message”:“Invalid database secret.”}]}

Is usage of an external accessprovider working for graphql?
I’m happy to share config/implementation details if necessary

rob · September 17, 2021, 12:29pm

Hi @unibit - welcome to the forums!

AccessProviders are indeed working with GraphQL. The first thing I’d check - did you create your database in one of the US or EU Region Groups? If so, you’ll need to make sure that your GraphQL client is pointing to the correct GraphQL endpoint for your region group.

ldavuluri · September 17, 2021, 8:43pm

Hi @unibit,

Rob is right about region groups needing to be set explicitly. Just to make sure nothing else is happening can you share your connection config in your GraphQL app?
Make sure to obfuscate or remove the actual auth token, we don’t need that (and it should never be posted publicly).

-Lavanya

unibit · September 19, 2021, 6:32pm

@rob @ldavuluri thanks for your reaction.

It was indeed the wrong region endpoint configured in my client.
The ‘invalid database secret’ error has gone but now getting a Permission Denied response.
I think it is not related to the Auth0 config, since I also get the same result when I use a plain secret fauna key. However when I create a key for Admin role then I get successfully my response.
So will deeper look to the permission config for the sample DB

ldavuluri · September 20, 2021, 11:09pm

Hi @unibit ,

Thank you for the update.

That does sound like a permission issue.

Are you using ABAC?

We can help with debugging the issue. Can you please share the following -

GraphQL schema
role(s) definition
Get(Role("role_name"))
details on the query/function that is returning the error

Thanks!

unibit · September 30, 2021, 5:24pm

Hi @ldavuluri ,

I’m currently using the default demo database to try things out.
The query I’m executing is

{
   allOrders{data{creationDate}}
}

The auth0 access provider is attributed with the manager role, which according to the ABAC rules is permitted to read the orders collection

ldavuluri · October 5, 2021, 12:10am

Hi @unibit,

The manager role in the default demo database does not have read access to the index all_orders. It has read access defined for the collection orders but not for the index.

If you add the privilege granting read access to that index to the manager role, your query should work.

Topic		Replies	Views
GraphQL calls using third-party auth always return 'Invalid database secret' Help graphql , authentication , auth0	9	688	August 17, 2021
Unauthorized using auth0 accessToken Help authentication , auth0	3	450	January 15, 2023
Access denied in docker using graphQL Help graphql , authentication , docker , local	4	715	November 11, 2021
Unauthorized when authenticating via Auth0 provider Help	5	658	October 19, 2021
DB key stopped working / unable to authenticate Help	8	534	June 29, 2021

Auth0 with graphql

Related topics