I am making a java library which will be used by a set of play applications to do authorization. While trying to fetch userInfo using the method specified here GitHub - auth0/auth0-java: Java client library for the Auth0 platform, I get “Request failed with status code 401: Unauthorized”. Can someone help out?
Request<UserInfo> request = auth0API.userInfo(userToken);
try {
UserInfo info = request.execute();
return info.getValues();
}
catch (APIException exception) {
logger.error("APIException during token validation for user : " + exception.getMessage());
}
catch (Auth0Exception exception) {
logger.error("Auth0Exception during token validation for user : " + exception.getMessage());
}
The 401 is not an exceptional response code; so assuming there’s not a bug in the code associated with the /userinfo endpoint, the most common explanation would be that the token provided is not suitable to call this endpoint.
In particular, this endpoint requires an access token and not an ID token (from the provided code it’s not possible to ascertain what exactly userToken contains). In addition, the access token needs to be suitable to call that endpoint. See the following answer to a related question for some of the possible causes:
http://community.auth0.com/answers/574/view
I’m using the accessToken I get from the callback after the user signs in. Which is consistent with the documentation here - GitHub - auth0/auth0-java: Java client library for the Auth0 platform
Not sure what is going wrong.
Are you passing an audience parameter to your own API and if yes, is that API configured to use HS256? In that situation the access token will not be suitable to call the /userinfo endpoint; see the answer linked.