Is there a Work Flow difference with facebook Authorisation v/s Linkedin and Twitter

srinivas · April 17, 2017, 1:15pm

Hi Team ,
We have a feature where in user can link his linkedin / facebook and twitter accounts to his profile. Currently for linkedin and twitter we call Authorize API and have enabled the rule “Link Accounts with Same Email Address while Merging Metadata” on auth0 dashboard. Post authorise API returns the access token using same we call the /userinfo API . Incase of linkedin and twitter the userinfo API response is giving a proper respose data. In case of facebook it returns "Unauthorised " Response . Detailed logs below for reference. But in Autho when we test the user details its merging properly. Even logs in auth0 return no error.
2017-04-03T10:05:40.862Z 170d1758-1855-11e7-8258-c57c6dd08f7d
{
“statusCode”: 401,
“body”: “Unauthorized”,
“headers”: {
“date”: “Mon, 03 Apr 2017 10:05:40 GMT”,
“content-length”: “12”,
“connection”: “close”,
“x-auth0-requestid”: “b9d59357a66726c6de2a”,
“access-control-allow-origin”: “*”,
“access-control-allow-credentials”: “false”,
“www-authenticate”: “Bearer realm=“Users”, error=“invalid_token””,
“cache-control”: “no-cache”
},
“request”: {
“uri”: {
“protocol”: “https:”,
“slashes”: true,
“auth”: null,
“host”: “eventvalue.auth0.com”,
“port”: 443,
“hostname”: “eventvalue.auth0.com”,
“hash”: null,
“search”: null,
“query”: null,
“pathname”: “/userinfo”,
“path”: “/userinfo”,
“href”: “https://eventvalue.auth0.com/userinfo”
},
“method”: “get”,
“headers”: {
“Accept”: “application/json”,
“Authorization”: “Bearer O5e2yBPBd4JC2okC”,
“content-length”: 0
}
}
}

srinivas · April 17, 2017, 1:17pm

Attached har files for reference [link text][1]

prashantT · April 28, 2017, 9:30am

Can you check the user’s user profile in Auth0 and see whether the Facebook user has been linked under the identities array?

srinivas · April 28, 2017, 12:05pm

@prashant - yes it is linked in the identities array . Please find the details for the user for reference.

{
“user_id”: “58dce74fa86f8f2e8ded6ff9”,
“provider”: “auth0”,
“connection”: “Username-Password-Authentication”,
“isSocial”: false
},
{
“profileData”: {
“email”: “rohinisingh3792@gmail.com”,
“given_name”: “Rohini”,
“family_name”: “Singh”,
“name”: “Rohini Singh”,
“apiStandardProfileRequest”: {
“headers”: {
“_total”: 1,
“values”:
{
“name”: “x-li-auth-token”,
“value”: “name:COOz”
}
]
},
“url”: “https://api.linkedin.com/v1/people/G6tyWEFJU4”
},
“distance”: 0,
“headline”: “Marketing Manager at eventValue”,
“industry”: “Internet”,
“location”: {
“country”: {
“code”: “in”
},
“name”: “Bengaluru Area, India”
},
“numConnections”: 0,
“numConnectionsCapped”: false,
“pictureUrls”: {
“_total”: 0
},
“positions”: {
“_total”: 1,
“values”:
{
“company”: {
“id”: 10641997,
“industry”: “Internet”,
“name”: “eventValue”,
“size”: “2-10”,
“type”: “Privately Held”
},
“id”: 959619890,
“isCurrent”: true,
“location”: {},
“startDate”: {
“month”: 7,
“year”: 2016
},
“title”: “Marketing Manager”
}
]
},
“publicProfileUrl”: “https://www.linkedin.com/in/rohini-singh-35090a13b”,
“relationToViewer”: {
“distance”: 0
},
“siteStandardProfileRequest”: {
“url”: “https://www.linkedin.com/profile/view?id=AAoAACIg4WwBobsDt1LIlKu1N5F-8fpoQdjPOGA&authType=name&authToken=COOz&trk=api*a4898371*s5214891*”
},
“email_verified”: true
},
“provider”: “linkedin”,
“user_id”: “G6tyWEFJU4”,
“connection”: “linkedin”,
“isSocial”: true
},
{
“profileData”: {
“name”: “Rohini Singh”,
“email”: “rohinisingh3792@gmail.com”,
“given_name”: “Rohini”,
“family_name”: “Singh”,
“gender”: “female”,
“picture”: “https://scontent.xx.fbcdn.net/v/t1.0-1/c15.0.50.50/p50x50/1379841_10150004552801901_469209496895221757_n.jpg?oh=d9f13139f45ec1c9d1e05a32d1c897eb&oe=597AC533”,
“picture_large”: “https://scontent.xx.fbcdn.net/v/t31.0-1/1402926_10150004552801901_469209496895221757_o.jpg?oh=c5bc74188ec2f51499f01ffb25c4345e&oe=5989714F”,
“age_range”: {
“max”: 17,
“min”: 13
},
“context”: {
“mutual_likes”: {
“data”: ],
“summary”: {
“total_count”: 0
}
},
“id”: “dXNlcl9jb250ZAXh0OgGQp8NJ27MilamxiqoDOQ1FeRk9Yw1RZAEpcksasgsU6DO4vnPYVnB3ag4ZAhAYmZB7FCc4DJsjZAmH8pkzUzvi7cJbc5u9SqtJp6jPeeFLbAvqDEcZD”
},
“updated_time”: “2017-03-31T11:16:38+0000”,
“installed”: true,
“is_verified”: false,
“link”: “Redirecting...”,
“locale”: “en_GB”,
“name_format”: “{first} {last}”,
“timezone”: 5.5,
“third_party_id”: “138vjOYNTOtQFzUajnp9iyn3hyU”,
“verified”: false,
“email_verified”: true
},
“provider”: “facebook”,
“user_id”: “101440147069909”,
“connection”: “facebook”,
“isSocial”: true
},
{
“profileData”: {
“name”: “Rohini Singh”,
“picture”: “https://abs.twimg.com/sticky/default_profile_images/default_profile_0_normal.png”,
“created_at”: “Fri Mar 31 11:28:53 +0000 2017”,
“lang”: “en-gb”,
“screen_name”: “rohinisingh3792”
},
“provider”: “twitter”,
“user_id”: “847772682909253633”,
“connection”: “twitter”,
“isSocial”: true
}
]

prashantT · April 28, 2017, 2:39pm

Can you please test the following:

Login with Twitter
Inspect the returned id_token in https://jwt.io/. Make a note of the sub claim - this is the user_id of the user that logged in.

Then, repeat the same steps but logging in using Facebook and LinkedIn. Please let me know if the sub claims match (i.e. the user_id’s match).