Auth Error after updating app_metadata via Management API and injecting metadata to IdToken

gmjun2000 · December 30, 2021, 2:59pm

Hi guys, following “thread”. I have a similar issue but in this case i am updating user_metadata and adding the metadata to IdToken in a rule.

Is this happening because the token get modified? I am not updating email_verified in my case.

Regards and thank you

Thread: Silent Auth errors with Login Required after updating app_metadata via Management API

rueben.tiow · December 30, 2021, 6:24pm

Hi @gmjun2000,

Welcome to the Auth0 Community!

Before we continue, could you please elaborate what are the errors you are getting?

And, could you please share your Rule for adding the user_metadata to the ID Token?

Thank you.

gmjun2000 · January 2, 2022, 6:06pm

Hi @rueben.tiow thank you for your response.
With checkSession({ ignoreCache: true }) just log me out and getTokenSilently({ ignoreCache: true }) i get Login required.

My rule:

function migrateRootAttributes(user, context, cb) {
  var namespace = "https://e4s.systems/"; 
  context.idToken[namespace + "metadata"] = user.user_metadata;
  context.accessToken[namespace + "metadata"] = user.user_metadata;
  cb(null, user, context);
 
}

rueben.tiow · January 3, 2022, 6:23pm

Hi @gmjun2000,

Thank you for your reply.

First, the Login required error is expected when using the getTokenSilently method when there isn’t an authenticated user. In silent authentication, the “login required” error is thrown when the user’s browser does not or cannot send the “Auth0” cookie. This cookie identifies the user’s logged-in session with Auth0 and resides on the client’s browser.

In this case, you’ll need to initiate the authentication process again.

As for your Rule, it is correct for appending custom claims to tokens and should work.

Please let me know if there’s anything else I can do to help.

Thank you.

gmjun2000 · January 7, 2022, 11:49pm

Hi @rueben.tiow. What could be the reason why i get revoked the token? The token is fresh and recently created.

rueben.tiow · January 11, 2022, 8:32pm

Hi @gmjun2000,

Thank you for your response.

I have made an edit to my previous post. The error you have encountered happens because it expects an authenticated user when using the getTokenSilently method.

As a result, you will need to make sure the user is logged in, or you will need to reinitiate the log-in process. Additionally, you might want to avoid the checkSession({ ignoreCache: true }) logging you out preceding the getTokenSIlently method.

Hoped this helps!

Please let me know if there’s anything else I can do to help.

Thanks.

system · January 26, 2022, 8:33pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Silent Auth errors with Login Required after updating app_metadata via Management API Help app_metadata , silent-auth	5	5639	July 23, 2021
I get 'invalid token' error Help jwt , auth0 , management-api	3	2008	April 8, 2022
Oauth/token returning internal server error Help login	4	3780	February 22, 2022
User Update via management API seems to invalidate all in-flight JWTs -- Is this expected/intentional? Help jwt , auth0 , api , management-api	0	1508	July 13, 2022
renewAuth is giving login_required Help silent-authenticatio	12	4322	August 2, 2019

Auth Error after updating app_metadata via Management API and injecting metadata to IdToken

Related Topics