Hi All,
I am currently using the authorization extension. The rule seems to be cached on the server side. The rule code is the default one, shown below:
/*
* This rule been automatically generated by auth0-authz-extension
*/
function (user, context, callback) {
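// Base URL of the Authorization Extension API (redacted in this listing).
var EXTENSION_URL = "[redacted]";

// Requests for the 'urn:auth0-authz-api' audience are rejected with
// 'no_end_users'. The audience is read from the query string first and from
// the request body only when the query string does not carry one.
var requestInfo = context.request || {};
var audience = (requestInfo.query && requestInfo.query.audience) ||
  (requestInfo.body && requestInfo.body.audience);
if (audience === 'urn:auth0-authz-api') {
  return callback(new UnauthorizedError('no_end_users'));
}

// Fetch the user's policy and finish the rule from inside the response handler.
getPolicy(user, context, function (err, res, data) {
  // Transport-level failure (timeout, DNS, refused connection, ...): deny.
  if (err) {
    console.log('Error from Authorization Extension:', err);
    return callback(new UnauthorizedError('Authorization Extension: ' + err.message));
  }

  // Any status other than 200 denies the login.
  if (res.statusCode !== 200) {
    console.log('Error from Authorization Extension:', res.body || res.statusCode);
    // NOTE(review): the upstream body (or its message) is concatenated into the
    // error handed to callback, so it presumably reaches the client. Consider
    // returning a generic message and keeping the detail in the log line above.
    return callback(
      new UnauthorizedError('Authorization Extension: ' + ((res.body && (res.body.message || res.body) || res.statusCode)))
    );
  }

  // Fail closed on a 200 whose body is not an object. Without this check the
  // code below would either throw on data.groups or copy undefined values into
  // the user and persist them through saveToMetadata.
  if (!data || typeof data !== 'object') {
    console.log('Error from Authorization Extension:', 'unexpected policy response');
    return callback(new UnauthorizedError('Authorization Extension: unexpected policy response'));
  }

  // Update the user object.
  user.groups = data.groups;
  user.roles = data.roles;
  user.permissions = data.permissions;

  // Store this in the user profile (app_metadata); a persistence error is
  // passed on as the rule's error.
  saveToMetadata(user, data.groups, data.roles, data.permissions, function (saveErr) {
    return callback(saveErr, user, context);
  });
});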
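// Convert groups to an array of group names.
// A string is split on any run of whitespace and/or commas. Empty entries,
// which leading, trailing or doubled separators would otherwise produce,
// are dropped so that no blank group name is sent to the extension.
// Any non-string value (array, undefined, ...) is returned unchanged.
function parseGroups(data) {
  if (typeof data !== 'string') {
    return data;
  }

  return data.split(/[\s,]+/).filter(function (name) {
    return name.length > 0;
  });
}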
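// Get the policy for the user.
// POSTs the connection name and the user's groups to the extension's
// /api/users/{user_id}/policy/{clientID} endpoint, authenticating with the
// API key from the rule configuration. `cb` is handed straight to
// request.post; the caller in this rule reads it as (err, res, data).
// NOTE(review): a 401 from this endpoint presumably means the x-api-key value
// was missing or not accepted - confirm configuration.AUTHZ_EXT_API_KEY holds
// the key the extension expects.
function getPolicy(user, context, cb) {
  // Encode both identifiers so that reserved characters such as '/', '?' or
  // '#' stay inside their own path segment instead of changing which API
  // path the request targets.
  var policyUrl = EXTENSION_URL +
    "/api/users/" + encodeURIComponent(user.user_id) +
    "/policy/" + encodeURIComponent(context.clientID);

  request.post({
    url: policyUrl,
    headers: {
      "x-api-key": configuration.AUTHZ_EXT_API_KEY
    },
    json: {
      // Prefer the connection used for this login; otherwise use the
      // connection of the first identity on the profile.
      connectionName: context.connection || user.identities[0].connection,
      groups: parseGroups(user.groups)
    },
    // Milliseconds; on expiry the error reaches cb.
    timeout: 5000
  }, cb);
}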
// Persist the authorization data in the user profile so it can be queried later.
// Replaces user.app_metadata.authorization (creating app_metadata when absent)
// with the given groups, roles and permissions, then writes the whole
// app_metadata object back through auth0.users.updateAppMetadata.
// cb is called with no arguments on success and with the error on failure.
function saveToMetadata(user, groups, roles, permissions, cb) {
  var metadata = user.app_metadata || {};
  user.app_metadata = metadata;
  metadata.authorization = {
    groups: groups,
    roles: roles,
    permissions: permissions
  };

  // The resolved value of the update is not used.
  function onSaved() {
    cb();
  }

  function onFailed(failure) {
    cb(failure);
  }

  auth0.users.updateAppMetadata(user.user_id, metadata)
    .then(onSaved)
    .catch(onFailed);
}
}
However, the error that I am getting seems to come from old code:
"error": {
"message": "Authorization Extension2: {\"statusCode\":401,\"error\":\"Unauthorized\",\"message\":\"Missing authentication\"}",
"oauthError": "unauthorized",
"type": "oauth-authorization"
},
“Extension2” is a string that I had added to one of the error messages; however, it does not exist in the current code.
I have tried the following
- recreated the rule as a different rule
- Turned off the authorization rule (it still seems to run)
- Turned on and off the API
- deleted the different users
- uninstalled and reinstalled the extension and recreated its configuration (using the default rule above)
Interestingly enough, when I run the rule through the “try” button it runs as expected.
Any other ideas?
** Edited for formatting