Can't pass bearer token to createuser api

melanie.alexandra · December 23, 2021, 5:51pm

I’m trying to implement something like this question, but this person figured it out and didn’t post the exact code. I’m quite new to Express and I’m trying to figure out how to pass the bearer token to the next middleware to use the createUser api.

My code is like this so far:

const getAccessToken = (req, res, next) => {
  console.log("HITS GET ACCESS TOKEN")
  const token = request(options, function (error, response, body) {
    if (error) throw new Error(error);
    return res.json(body);
  });
  req.token = token
  next()
};

const getMgmtToken = (req, res, next) => {
  console.log("HITS GET MGMT TOKEN", req.token )
var apiOptions = {
  method: 'GET',
  url: 'https://dev-ojz7tf-3.us.auth0.com/api/v2/users',
  headers: {authorization: req.token},
  body: {
    "email": "caroline.duff@gmail.com",
    "phone_number": "+199999999999999",
    "user_metadata": {},
    "blocked": false,
    "email_verified": false,
    "phone_verified": false,
    "app_metadata": {},
    "given_name": "John",
    "family_name": "Doe",
    "name": "John Doe",
    "nickname": "Johnny",
    "picture": "https://secure.gravatar.com/avatar/15626c5e0c749cb912f9d1ad48dba440?s=480&r=pg&d=https%3A%2F%2Fssl.gstatic.com%2Fs2%2Fprofiles%2Fimages%2Fsilhouette80.png",
    "user_id": "abc",
    "connection": "Initial-Connection",
    "password": "secret",
    "verify_email": false,
    "username": "carolineduff"
  }
};


axios.request(apiOptions).then(function (response) {
  console.log(response.data);
  return res.json(response.data);
}).catch(function (error) {
  console.error(error);
});
  next()
};

app.post("/createUser", getAccessToken, getMgmtToken, (req, res) => {
  return;
});

I can get the access token, and I can make a curl request to the createUser endpoint to successfully create a new user with the access token I get - but I can’t pass the bearer token between requests on my backend.

It’s probably very basic, but I think it would help a few people like me!

melanie.alexandra · December 23, 2021, 5:52pm

This is question I’m referring to: How to create, update, delete and search users using API call - #2 by cibrax

melanie.alexandra · December 23, 2021, 11:15pm

This is my code so far and it does pass the bearer token to the createUser endpoint, but it always returns unauthenticated - can you explain what I’m doing wrong?

const getAccessToken = (req, res, next) => {
  request(options, function (error, response, body) {
    if (error) throw new Error(error);
    const token =  body
    // console.log(token);
    req.token = JSON.parse(token)
    console.log(req.token)
    next()
  });

}

const getMgmtToken = (req, res, next) => {
  var apiToken = "Bearer " + req.token.access_token
var apiOptions = {
  method: 'POST',
  url: '<MY_URL>/api/v2/users',
  headers: {authorization: apiToken},
  body: {
    "email": "newuser.name@gmail.com",
    "phone_number": "+199999999999999",
    "user_metadata": {},
    "blocked": false,
    "email_verified": false,
    "phone_verified": false,
    "app_metadata": {},
    "given_name": "John",
    "family_name": "Doe",
    "name": "John Doe",
    "nickname": "Johnny",
    "picture": "https://secure.gravatar.com/avatar/15626c5e0c749cb912f9d1ad48dba440?s=480&r=pg&d=https%3A%2F%2Fssl.gstatic.com%2Fs2%2Fprofiles%2Fimages%2Fsilhouette80.png",
    "user_id": "abc",
    "connection": "Initial-Connection",
    "password": "secret",
    "verify_email": false,
    "username": "newUserName"
  }
};


axios.request(apiOptions).then(function (response) {
  console.log(response.data);
  return res.json(response.data);
}).catch(function (error) {
  console.error(error);
});
  next()
};

app.post("/createUser", getAccessToken, getMgmtToken, (req, res) => {
  return;
});

I get

data: {
      statusCode: 401,
      error: 'Unauthorized',
      message: 'Invalid token',
      attributes: [Object]
    }

and

isAxiosError: true,

On this page Auth0 Mgmt API I can see under the curl command for Sending the token to the API, a much longer Bearer token and when I use that curl command with the url for createUsers on the api/v2 it is successful - although why is it a GET not a POST as in the docs?

Changing the method in my code to GET still returns 401. How come it isn’t sending me the full access token? The real one is 3x as long!