Auth0 Authorization rule seems not to save

patrick.davis · January 16, 2020, 4:33pm

Hi All,

I am currently using the authorization extension. The rule seems to be catched on the server side. The rule code is the default below…

/*
*  This rule been automatically generated by auth0-authz-extension
*/
function (user, context, callback) {
  var _ = require('lodash');
  var EXTENSION_URL = "[redacted]";

  var audience = '';
  audience = audience || (context.request && context.request.query && context.request.query.audience);
  if (audience === 'urn:auth0-authz-api') {
    return callback(new UnauthorizedError('no_end_users'));
  }

  audience = audience || (context.request && context.request.body && context.request.body.audience);
  if (audience === 'urn:auth0-authz-api') {
    return callback(new UnauthorizedError('no_end_users'));
  }

  getPolicy(user, context, function(err, res, data) {
    if (err) {
      console.log('Error from Authorization Extension:', err);
      return callback(new UnauthorizedError('Authorization Extension: ' + err.message));
    }

    if (res.statusCode !== 200) {
      console.log('Error from Authorization Extension:', res.body || res.statusCode);
      return callback(
        new UnauthorizedError('Authorization Extension: ' + ((res.body && (res.body.message || res.body) || res.statusCode)))
      );
    }

    // Update the user object.
    user.groups = data.groups;
    user.roles = data.roles;
    user.permissions = data.permissions;

    // Store this in the user profile (app_metadata).
    saveToMetadata(user, data.groups, data.roles, data.permissions, function(err) {
      return callback(err, user, context);
    });
  });
  
  // Convert groups to array
  function parseGroups(data) {
    if (typeof data === 'string') {
      // split groups represented as string by spaces and/or comma
      return data.replace(/,/g, ' ').replace(/\s+/g, ' ').split(' ');
    }
    return data;
  }

  // Get the policy for the user.
  function getPolicy(user, context, cb) {
    request.post({
      url: EXTENSION_URL + "/api/users/" + user.user_id + "/policy/" + context.clientID,
      headers: {
        "x-api-key": configuration.AUTHZ_EXT_API_KEY
      },
      json: {
        connectionName: context.connection || user.identities[0].connection,
        groups: parseGroups(user.groups)
      },
      timeout: 5000
    }, cb);
  }

  // Store authorization data in the user profile so we can query it later.
  function saveToMetadata(user, groups, roles, permissions, cb) {
    user.app_metadata = user.app_metadata || {};
    user.app_metadata.authorization = {
      groups: groups,
      roles: roles,
      permissions: permissions
    };

    auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
    .then(function() {
      cb();
    })
    .catch(function(err){
      cb(err);
    });
  }
}

however the error that I am getting seems to be related to old code

"error": {
      "message": "Authorization Extension2: {\"statusCode\":401,\"error\":\"Unauthorized\",\"message\":\"Missing authentication\"}",
      "oauthError": "unauthorized",
      "type": "oauth-authorization"
    },

the “Extension2” was a string that I added to one of the errors however it does not exist in the current code.

I have tried the following

recreated the rule as a different rule
Turned off the authorization rule (it still seems to run)
Turned on and off the API
deleted the different users
uninstall and reinstalled and recreated the extension configuration (using the default rule above)

Interestingly enough when I run the rule through he “try” button it runs as expected.

Any other ideas?

** Edited for formatting

dan.woda · January 16, 2020, 6:09pm

Hi @patrick.davis,

It shouldn’t be caching like that. Can you DM me your tenant name so I can check it out?

Thanks,
Dan

dan.woda · January 16, 2020, 6:33pm

It looks like the error is coming from the Add persistent attributes to the user rule.

patrick.davis · January 16, 2020, 7:33pm

Yes I think you are right. I must have replaced that rule with the one that I was troubleshooting at the time.

Can I make a suggestion for a new feature to add some information to the context in the log on which rule it fails in if it is a error in a rule?

dan.woda · January 16, 2020, 7:42pm

Absolutely! You can submit feature requests to our feedback page. It is a direct line to our product team.

In addition, I would encourage you to consider switching to the core RBAC functionality vs the extension.

Hope this helps!

Thanks,
Dan

patrick.davis · January 17, 2020, 2:16pm

Thank you for your help. I will look into the core RBAC.

dan.woda · January 17, 2020, 6:42pm

Good Luck! Let us know if you need help with anything else.

dan.woda · January 31, 2020, 10:42pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Authorization Extention Migration from Rules to Actions Help extensions , auth0-authorization	2	57	October 14, 2024
Authorization Extension does not populate user object Help nodejs	3	4144	February 26, 2019
Node 8 migration for Auth0 Authorization Extension Rules Help migration	27	5728	July 9, 2019
Authorization Extension - Groups not in JWT Help jwt , auth0 , api-authorization	11	9167	August 30, 2019
Auth0-authz-extension rule redirecting to 500 error Help extensions , auth0-authorization	3	1381	March 20, 2023

Auth0 Authorization rule seems not to save

Related Topics