Is Auth0 supported when using Fauna Dev?


I have a working Next/NextAuth/Auth0 app that I am trying to run locally using Fauna Dev. Right now I’m running into an issue getting fauna to recognize my auth0 provider id.

After creating an Auth0 provider in Fauna Dev I noticed it seems to always have an audience of so I’ve created a new API in Auth0 to support that local audience.

I can successfully log in using Auth0 so there is no issue there and after login NextAuth properly creates local Account and User entries so the app is connecting to the local Fauna Dev.

The only issue is right at the end I get Unauthorized when I run CurrentIdentity().

When I was originally setting this up to run against real fauna I would get this error when I forgot to set the right domain or set the right audience in the auth0 login. But I have both of those this time - I think - so rather then bang my head against this anymore I wanted to confirm it is even supported right now.

So, is Auth0 supported when using Fauna Dev?


That is indeed pretty bizarre.

What I can say right now is that the audience has to be unique for each database. That would include those in Fauna Dev. If each token specifies the audience with an id of yyyyyyyyyyyyy, then the Fauna will never know which DB to send the request – thus the unauthorized errors.

If you Get the databases, you can see their global_id fields. This is what is used (supposed to be used) for the audience.

Can you inspect your databases and change the audience to match the respective global_id value?

~ ❯ fauna shell --secret=secret --domain=localhost --port=8443 --scheme=http                      44s  system
Connected to http://localhost:8443
Type Ctrl+D or .exit to exit the shell
> Map(Paginate(Databases()), ref => Get(ref))
  data: [
      ref: Database("test"),
      ts: 1631803802660000,
      name: 'test',
      global_id: 'ytgx5emusybyy'
      ref: Database("test1"),
      ts: 1631804011010000,
      name: 'test1',
      global_id: 'ytgx5in1sydyy'

I also just added an Access Provider, because why didn’t I try that in the first place! :man_shrugging: :upside_down_face:

The provider was created with an audience that matches the DB I created it on.

Can you share steps to replicate what you are seeing?


Ah… Ok. You are creating JWT tokens for the database root. That is what is not supported. When you try to Create anything other than a Database on the cloud root, you get an error:

Error: invalid object in container
  errors: [
      position: [
      code: 'invalid object in container',
      description: 'Object is not allowed in a container'

But it looks like you can create other schema in the root of your Fauna Dev database.

When I created an Access Provider on the Root database I get the same results as you.

> CreateAccessProvider({name: "auth0", issuer: "https://dev—", jwks_uri: "https://dev—" })
  ref: AccessProvider("auth0"),
  ts: 1631805196920000,
  name: 'auth0',
  issuer: 'https://dev—',
  jwks_uri: 'https://dev—',
  audience: ''
1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.