404 Not found errors when using Authorization extension

Problem statement

We are experiencing an issue that some of the users could not log in and received the “404 Not found” error.

Steps to reproduce

Create a user with a user_id containing “/” characters (or use a SAML connection returning this as the userID / nameID)
Install the authorization extension and publish the rule
Log in as the created user


Check user ID’s impacted for reserved URL characters such as “/”, and whether they are using the Authorization extension.


Currently, we have a backlog item for fixing the Authorization Extension which does not encode the user_id, so any requests to endpoints that include the user_id in the path will fail as characters such as “/” will alter the path to a non-existent endpoint. Hence the 404 error.


Unfortunately, the expected delivery timeline for the backlog is not available yet. We will keep you updated once the info is available.

Until this is addressed, you will need to either ensure your user_ids do not contain reserved URL characters (safer option) or modify the Auth extensions generated rule to URL encode the user ID:

// Get the policy for the user.
function getPolicy(user, context, cb) {
    const encodedUser = encodeURIComponent(user.user_id);
      url: EXTENSION_URL + "/api/users/" + encodedUser + "/policy/" + context.clientID,
//rest of code...