Auth0 giving 403 'Forbidden' while calling external API in actions

While I am calling my backend API in a pre-registration Hook, it's giving me an error saying 403 'Forbidden'. This suddenly happened and it was working before.

Hi @ayush.oli,

Welcome to the Auth0 Community!

Could you try using the Actions interface to test your Action script and see what might be causing the 403 Forbidden error?

Keep me posted on what you find.

Yes, the API I am calling in the pre-registration Action is the backend API, and it was working fine, but all of a sudden the API gives me a Forbidden error:

{
  status: 403,
  statusText: 'Forbidden',
}

The API is working fine in other places though.

Hi @ayush.oli,

Could you share your action script with me? Please be sure to obfuscate any sensitive information.

Thanks,
Rueben

1 Like

Hey @rueben.tiow,

This is the action script.

const axios = require('axios');

exports.onExecutePreUserRegistration = async (event, api) => {
  try {
    const options = {
      headers: {
        'Content-Type': 'application/json'
      }
    };

    // Build the customer payload from the sign-up data.
    const { email, user_metadata } = event.user;
    const payload = {
      "phoneNumber": user_metadata.phone_number,
      "email": email,
      "lastName": user_metadata.last_name,
      "name": user_metadata.first_name + " " + user_metadata.last_name,
      "accountCategoryId": user_metadata.account_category,
      "accountTypeId": user_metadata.account_type,
    };

    const response = await axios.post(event.secrets.API_ENDPOINT, payload, options);
    // Log only status and body: the full axios response also carries the
    // request config, including the endpoint URL stored in secrets.
    console.log("response", response.status, response.data);
    if (response.data.msg === "Duplicate phone") {
      api.access.deny('duplicate_phone', "Invalid Phone Number");
    }
    if (response.data.msg === "Duplicate email") {
      api.access.deny('duplicate_email', "Invalid Email");
    }
    if (response.data.msg === "Customer successfully created" && response.data.data.azureCustomerId && response.data.data.shopifyId) {
      api.user.setUserMetadata('azureCustomerId', response.data.data.azureCustomerId);
      api.user.setUserMetadata('shopifyId', response.data.data.shopifyId);
    }
  } catch (error) {
    // error.response is undefined on network failures, and data.errors is
    // missing when the reply is not the backend's JSON (e.g. a proxy's 403 page).
    // @ts-ignore
    const res = error.response;
    const errors = res && res.data && Array.isArray(res.data.errors) ? res.data.errors : [];
    // @ts-ignore
    console.log("Error", res ? res.status : error.message, res ? res.data : undefined);
    if (errors[0] === "Enteravalidphonenumber") {
      api.access.deny('invalid_phone_number', 'Invalid Phone Number');
    } else if (errors[0] === "Phonehasalreadybeentaken") {
      api.access.deny('duplicate_phone', "Invalid Phone Number");
    } else {
      // Deny with the generic error only when no specific reason matched.
      api.access.deny('api_error', 'Error in API');
    }
  }
};
1 Like

Pinging again for this. We have been stuck for a really long time.

1 Like

Hi @ayush.oli,

I have reviewed your code snippet. Could you share what is the API endpoint you are trying to reach?

Is it an Auth0-related endpoint? Like one from the Management API?

Thanks,
Rueben

Check if the API permissions or token scopes have changed. Also, ensure proper authentication and authorization in Auth0 Actions.

This was something unrelated to Auth0. We were having issues with Cloudflare. Closing this for now. Thank you for your help.

1 Like
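As an added example (not part of the thread or the poster's code): because the 403 here came from Cloudflare rather than from the backend or Auth0, an Action's catch block can separate "the backend rejected the request" from "a proxy in front of it answered" before reading `error.response.data.errors`. The function name, result shape and sample objects are assumptions; the check is a heuristic based on the `server: cloudflare` and `cf-ray` headers Cloudflare sets on proxied responses and on the backend replying with JSON.

```javascript
// Added example: classify an axios-style error inside an Action's catch block.
// Header names are lower-case, as Node's HTTP client delivers them.
function classifyUpstreamError(error) {
  const res = error && error.response;
  if (!res) {
    // No HTTP response at all: DNS failure, timeout, TLS error, reset.
    return { source: 'network', status: null, appErrors: [] };
  }
  const headers = res.headers || {};
  const contentType = String(headers['content-type'] || '');
  const body = res.data;
  const isJsonObject = body !== null && typeof body === 'object';

  // Assumption: the backend always answers with a JSON object.
  if (isJsonObject && contentType.includes('application/json')) {
    const appErrors = Array.isArray(body.errors) ? body.errors : [];
    return { source: 'backend', status: res.status, appErrors };
  }
  // Both headers are present on anything proxied through Cloudflare, so they
  // only count as an edge response once the body is not the backend's JSON.
  const viaCloudflare =
    String(headers['server'] || '').toLowerCase() === 'cloudflare' ||
    headers['cf-ray'] !== undefined;
  if (viaCloudflare) {
    return { source: 'edge', status: res.status, rayId: headers['cf-ray'] || null, appErrors: [] };
  }
  return { source: 'unknown', status: res.status, appErrors: [] };
}

// Constructed samples (not captured traffic).
const edgeBlock = {
  response: {
    status: 403,
    headers: { server: 'cloudflare', 'cf-ray': 'EXAMPLE-RAY-ID', 'content-type': 'text/html; charset=UTF-8' },
    data: '<!DOCTYPE html><title>Forbidden</title>',
  },
};
const backendReject = {
  response: {
    status: 400,
    headers: { server: 'cloudflare', 'cf-ray': 'EXAMPLE-RAY-ID', 'content-type': 'application/json' },
    data: { errors: ['Phonehasalreadybeentaken'] },
  },
};
const timeout = { code: 'ECONNABORTED', message: 'timeout exceeded' };

for (const [name, err] of Object.entries({ edgeBlock, backendReject, timeout })) {
  console.log(name, classifyUpstreamError(err));
}
```

Logging the `source` and `rayId` fields from the Action gives the person debugging a value to look up in the Cloudflare dashboard instead of a bare `403`.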

Hi @ayush.oli,

That sounds good.

Keep us posted if you continue to experience issues.

Thanks,
Rueben