Unauthorized using auth0 accessToken

Hi :wave:

I have read the post here which shows the same error I am seeing. I am trying to send the example query (client.query(q.Abs(1))) that should not require any permissions, as per the suggestion in the other post.

I have tested the client configuration with a normal key associated to the same role as the auth0 provider has been given and it connects fine and returns expected { result: 1 }.

I have also tested by configuring the API in auth0 with the identity value given to auth0 as the region URL (in my case https://db.eu.fauna.com/db/my_id) with same error.

The auth0 token I am using is being fetched from the /auth0/token endpoint with the aud as https://db.fauna.com/db/my_id (no region specified).

Fauna provider seems correctly configured with the issuer value matching that in the auth0 token and the well-known endpoint returning the right keys.

Any ideas where I am going wrong?

      Unauthorized {
        name: 'Unauthorized',
        message: 'unauthorized. Check that endpoint, schema, port and secret are correct during client’s instantiation',
        description: 'Unauthorized',
        requestResult: RequestResult {
          method: 'POST',
          path: '',
          query: null,
          requestRaw: '{"abs":1}',
          requestContent: Expr { raw: [Object] },
          responseRaw: '{"errors":[{"code":"unauthorized","description":"Unauthorized"}]}',
          responseContent: { errors: [Array] },
          statusCode: 401,
          responseHeaders: [Object: null prototype] {
            ':status': 401,
            'www-authenticate': 'Basic realm="Unauthorized"',
            'x-txn-time': '1665241505440097',
            'x-faunadb-build': '220928.015029-7c1f8c3',
            traceparent: '00-c334b7f9acd7db78abfadafc2b99da9d-52808a5012495e2c-00',
            'content-length': '65',
            'content-type': 'application/json;charset=utf-8',
            [Symbol(nodejs.http2.sensitiveHeaders)]: []
          },
          startTime: 1665241505408,
          endTime: 1665241505516
        }
      }

Hi @mmzz and welcome! :wave:

For the purposes of 3rd party auth, all of the audience URLs use the domain: db.fauna.com. You never need to edit the subdomain for a Region Group. Just make sure it matches what is in the Dashboard.

The Auth0 token URL ends in /oauth/token not /auth0/token. Maybe that’s just a typo for this post, but make sure your URLs for Auth0 are exactly as they should be.

Misconfiguration will result in a simple Unauthorized error without further details. There is configuration for Fauna and Auth0 that you have not shared, and there’s a lot there that can break down. It is difficult to say anything more than to advise you double check everything.

Can you share screenshots of your configurations with the personal information redacted (e.g. the fauna database id and Auth0 project name)? I would be looking for it to match up with our guide in the docs: Security model - Fauna Documentation
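
One way to double-check the token side of the configuration discussed above, added here as an example and not part of the original thread: decode the access token's claims and compare `aud`, `iss` and `exp` with the values configured for the Fauna provider. The function names, the `https://tenant.example/` issuer and the sample token are constructed for illustration.

```javascript
// Added example, not from the thread. Decodes claims only; it does NOT verify
// the signature (Fauna does that against the issuer's published keys).
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected a 3-segment compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function hostOf(value) {
  try { return new URL(value).hostname; } catch { return null; }
}

// expected.audience / expected.issuer: values copied from the Fauna provider config.
function checkClaims(token, expected, nowSec = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(token);
  const auds = [].concat(claims.aud ?? []); // aud may be a string or an array
  const problems = [];
  if (!auds.includes(expected.audience)) problems.push('aud_mismatch');
  // Per the reply above, audience URLs use db.fauna.com, never a region subdomain.
  const regional = (a) => {
    const h = hostOf(a);
    return h !== null && h.endsWith('.fauna.com') && h !== 'db.fauna.com';
  };
  if (auds.some(regional)) problems.push('aud_region_subdomain');
  // Issuer comparison is an exact string match, trailing slash included.
  if (claims.iss !== expected.issuer) problems.push('iss_mismatch');
  if (typeof claims.exp === 'number' && claims.exp <= nowSec) problems.push('expired');
  return { claims, problems };
}

// Constructed sample token (unsigned, placeholder values) so the check runs offline.
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.constructed-signature`;
}

const expected = { audience: 'https://db.fauna.com/db/my_id', issuer: 'https://tenant.example/' };
const sample = makeSampleToken({
  iss: 'https://tenant.example',           // constructed: trailing slash missing
  aud: 'https://db.eu.fauna.com/db/my_id', // constructed: region subdomain in aud
  exp: 2000000000,
});
console.log(checkClaims(sample, expected, 1700000000).problems);
```

An empty `problems` array only means the claims line up; a 401 can still come from the provider or role configuration on the Fauna side.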

Hi @mmzz, were you able to get your Auth0 tokens working, or do you have any questions?
