Auth0 giving 403 'Forbidden' while calling external API in actions

While I am calling my backend API in pre-registration Hook it’s giving me error saying 403 ‘Forbidden’. This suddenly happened and it was working before.

Hi @ayush.oli,

Welcome to the Auth0 Community!

Could you try using the Actions interface to test your Action script and see what might be causing the 403 Forbidden error?

Keep me posted on what you find.

Yes, the API I am calling in pre-registration action is the backend api and it was working fine but all of a sudden the API gives me forbidden error.
{
status: 403,
statusText: ‘Forbidden’,
}.
The API is working fine in other places tho.

Hi @ayush.oli,

Could you share your action script with me? Please be sure to obfuscate any sensitive information.

Thanks,
Rueben

1 Like

Hey @rueben.tiow,

This is the action script.

const axios = require('axios');
exports.onExecutePreUserRegistration = async (event, api) => {
    try {
    const options = {
      headers: {
        'Content-Type': 'application/json'
      }
    };

    const { email, user_metadata } = event.user;
    const payload = {
      "phoneNumber": user_metadata.phone_number,
      "email": email,
      'lastName': user_metadata.last_name,
      'name':user_metadata.first_name + " " + user_metadata.last_name,
      "accountCategoryId": user_metadata.account_category,
      "accountTypeId": user_metadata.account_type,
    }

    const response = await axios.post(event.secrets.API_ENDPOINT, payload, options);
    console.log("response", response);
    if(response.data.msg === "Duplicate phone") {
        api.access.deny('duplicate_phone', "Invalid Phone Number");
    }
    if(response.data.msg === "Duplicate email") {
        api.access.deny('duplicate_email', "Invalid Email");
    }
    if(response.data.msg === "Customer successfully created" && response.data.data.azureCustomerId && response.data.data.shopifyId) {
      api.user.setUserMetadata('azureCustomerId', response.data.data.azureCustomerId);
      api.user.setUserMetadata('shopifyId', response.data.data.shopifyId);
    }
    } catch(error) {
      // @ts-ignore
      console.log("Error", error.response.data);
      // @ts-ignore
      if(error.response.data.errors[0] === "Enteravalidphonenumber") {
        api.access.deny('invalid_phone_number', 'Invalid Phone Number');
      // @ts-ignore
      } else if(error.response.data.errors[0] === "Phonehasalreadybeentaken"){
        api.access.deny('duplicate_phone', "Invalid Phone Number");
      }
      api.access.deny('api_error', 'Error in API');
    }
};
1 Like

Pinging again for this. We have been stuck for really long time.

1 Like

Hi @ayush.oli,

I have reviewed your code snippet. Could you share what is the API endpoint you are trying to reach?

Is it an Auth0-related endpoint? Like one from the Management API?

Thanks,
Rueben

Check if the API permissions or token scopes have changed. Also, ensure proper authentication and authorization in Auth0 Actions.

This was something unrelated to auth0. We were having issues with Cloudflare. Closing this for now. Thank you for your help.

1 Like

Hi @ayush.oli,

That sounds good.

Keep us posted if you continue to experience issues.

Thanks,
Rueben

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.