Unauthorized using auth0 accessToken

Hi :wave:

I have read the post here which shows the same error I am seeing. I am trying to send the example query (client.query(q.Abs(1))) that should not require any permissions as per suggestion in the other post.

I have tested the client configuration with a normal key associated to the same role as the auth0 provider has been given and it connects fine and returns expected { result: 1 }.

I have also tested by configuring the API in auth0 with the identity value given to auth0 as the region URL (in my case https://db.eu.fauna.com/db/my_id) with same error.

The auth0 token I am using is being fetched from the /auth0/token endpoint with the aud as https://db.fauna.com/db/my_id (no region specified) .

Fauna provider seems correctly configured with the issuer value matching that in the auth0 token and the wellknown endpoint returning the right keys.

Any ideas where I am going wrong?

      Unauthorized {
        name: 'Unauthorized',
        message: 'unauthorized. Check that endpoint, schema, port and secret are correct during client’s instantiation',
        description: 'Unauthorized',
        requestResult: RequestResult {
          method: 'POST',
          path: '',
          query: null,
          requestRaw: '{"abs":1}',
          requestContent: Expr { raw: [Object] },
          responseRaw: '{"errors":[{"code":"unauthorized","description":"Unauthorized"}]}',
          responseContent: { errors: [Array] },
          statusCode: 401,
          responseHeaders: [Object: null prototype] {
            ':status': 401,
            'www-authenticate': 'Basic realm="Unauthorized"',
            'x-txn-time': '1665241505440097',
            'x-faunadb-build': '220928.015029-7c1f8c3',
            traceparent: '00-c334b7f9acd7db78abfadafc2b99da9d-52808a5012495e2c-00',
            'content-length': '65',
            'content-type': 'application/json;charset=utf-8',
            [Symbol(nodejs.http2.sensitiveHeaders)]: []
          startTime: 1665241505408,
          endTime: 1665241505516

Hi @mmzz and welcome! :wave:

For the purposes of 3rd party auth, all of the audience URLs use the domain: db.fauna.com. You never need to edit the subdomain for a Region Group. Just make sure it matches what is in the Dashboard.

The Auth0 token URL ends in /oauth/token not /auth0/token. Maybe that’s just a typo for this post, but make sure your URLs for Auth0 are exactly as they should be.

Misconfiguration will result in a simple Unauthorized error without further details. There is configuration for Fauna and Auth0 that you have not shared, and there’s a lot there that can break down. It is difficult to say anything more than to advise you double check everything.

Can you share screenshots of your configurations with the personal information redacted (e.g. the fauna database id and Auth0 project name)? I would be looking for it to match up with our guide in the docs: Auth0 configuration - Fauna Documentation

Hi @mmzz Were you able to get your Auth0 tokens working, or do you have any questions?