We added a new Social Provider, Twitch, and hoped that everything would just work. But as always with Auth0, you try to do a simple task and you don’t even realise that you lost yet another finger.
After logging in with Twitch we were getting redirected to our website with the following error:
error(pin):"invalid_request"
errorDescription(pin):"Invalid response code from the auth0-sandbox: HTTP 400. Unexpected token }"
We installed Real-time Webtask Logs and the error looked like this:
{
  "code": 400,
  "message": "Compilation failed: Unexpected token }",
  "error": "Unexpected token }",
  "stack": "/data/io/9f107b5c-01db-4341-9452-0acbb43c7d91/webtask.js:24\n}\n^\n\nSyntaxError: Unexpected token }\n at createScript (vm.js:80:10)\n at Object.runInThisContext (vm.js:139:10)\n at WebtaskModule.compileWebtask (/data/sandbox/lib/module.js:140:30)\n at defaultJavascriptCompiler (/data/sandbox/lib/compiler.js:135:24)\n at defaultCompiler (/data/sandbox/lib/compiler.js:144:12)\n at /data/sandbox/lib/compiler.js:276:11\n at /data/sandbox/node_modules/async/dist/async.js:3880:24\n at replenish (/data/sandbox/node_modules/async/dist/async.js:1011:17)\n at /data/sandbox/node_modules/async/dist/async.js:1016:9\n at eachOfLimit (/data/sandbox/node_modules/async/dist/async.js:1041:24)"
}
Applying trial and error for several hours, we found that the problem was in the default Fetch User Profile Script given by Auth0. It was failing because of a comment at the end of the function.
Original:
function(accessToken, ctx, cb) {
  request.get('https://api.twitch.tv/kraken/user', {
    headers: {
      'Authorization': 'OAuth ' + accessToken,
      'Accept': 'application/vnd.twitchtv.v5+json'
    }
  }, function(e, r, b) {
    if (e) return cb(e);
    if (r.statusCode !== 200) return cb(new Error('StatusCode: ' + r.statusCode));
    var profile = JSON.parse(b);
    profile.id = profile._id;
    delete profile._id;
    profile.links = profile._links;
    delete profile._links;
    return cb(null, profile);
  });
} // endpoint is from old twitch api
Deleting "// endpoint is from old twitch api" fixed the issue.
Posting this for two reasons:
- hoping to save several hours of frustration for some other unlucky lads
- hoping Auth0 will get rid of the comment in the default implementation (or even better - fix the parser of the function to allow comments or at least throw a meaningful error)
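
Added example (not part of the original post and not Auth0's code): a local pre-save check that reproduces this failure and names its cause. It assumes the sandbox inlines the script into a wrapper on a single line, so a trailing `//` comment swallows the wrapper's closing text; `wrap`, `compileError`, `diagnose` and the `BROKEN` sample are hypothetical names constructed for the illustration.

```javascript
// Added example, not Auth0's code. ASSUMPTION: the sandbox inlines the script
// into a one-line wrapper, modelled by the hypothetical wrap() below.
function wrap(src, sep) {
  return 'return (' + src + sep + ')(accessToken, ctx, cb);';
}

// Compile (never run) the wrapped script; return null or the SyntaxError text.
function compileError(src, sep) {
  try {
    new Function('accessToken', 'ctx', 'cb', wrap(src, sep));
    return null;
  } catch (e) {
    return e.message;
  }
}

// A newline before the wrapper's closing text ends a trailing "//" comment, so
// a script that fails inline but compiles when padded has exactly that problem.
function diagnose(src) {
  const inline = compileError(src, '');
  if (inline === null) return 'ok';
  const padded = compileError(src, '\n');
  return padded === null ? 'trailing-line-comment' : 'syntax-error: ' + padded;
}

// The script from the post, and the same script without the trailing comment.
const ORIGINAL = `function(accessToken, ctx, cb) {
  request.get('https://api.twitch.tv/kraken/user', {
    headers: {
      'Authorization': 'OAuth ' + accessToken,
      'Accept': 'application/vnd.twitchtv.v5+json'
    }
  }, function(e, r, b) {
    if (e) return cb(e);
    if (r.statusCode !== 200) return cb(new Error('StatusCode: ' + r.statusCode));
    var profile = JSON.parse(b);
    profile.id = profile._id;
    delete profile._id;
    profile.links = profile._links;
    delete profile._links;
    return cb(null, profile);
  });
} // endpoint is from old twitch api`;
const FIXED = ORIGINAL.replace(' // endpoint is from old twitch api', '');
// Constructed sample: a script that is broken regardless of any comment.
const BROKEN = 'function(accessToken, ctx, cb) { return cb(null, {); }';
for (const [name, src] of [['original', ORIGINAL], ['fixed', FIXED], ['broken', BROKEN]]) {
  console.log(name + ': ' + diagnose(src));
}
```

Run with Node; the scripts are only compiled, never executed, so no request to Twitch is made.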