Custom Social Connection: Vinli

I’m creating a custom social connection with Vin.li. I have all the information from the developers at Vin.li but I’m getting the "error": "invalid_request" message when testing. I’m able to complete the full process of exchanging the code for an access token using a tool like POSTman:

Request

POST /oauth/token HTTP/1.1
Host: auth.vin.li
Content-Type: application/json
Authorization: Basic <removed>

{
        "grant_type": "authorization_code",
        "code": "<removed>",
        "redirect_uri": "https://meterfeeder.auth0.com/login/callback"
}

Response

{
    "access_token": "<removed>",
    "expires_in": 15551999,
    "token_type": "Bearer"
}

I can then use that access_token to get the user account:

Request

GET /api/v1/users/_current HTTP/1.1
Host: auth.vin.li
Authorization: Bearer <removed>

Response

{
    "user": {
        "id": "<removed>",
        "firstName": "Daniel",
        "lastName": " ",
        "email": "dan@example.com",
        "phone": "+222-2222",
        "image": null,
        "createdAt": "2016-11-01T17:49:10.893Z",
        "updatedAt": "2017-01-05T04:32:40.080Z",
        "settings": {
            "unit": "imperial",
            "locale": "en-US"
        }
    }
}

Here is my Fetch User Profile Script:

function(accessToken, ctx, cb) {
  request({
    method: 'GET',
    url: 'https://auth.vin.li/api/v1/users/_current',
    headers: {
      Authorization: 'Bearer ' + accessToken
    }
  }, function(err, resp, body) {

    if (err) return cb(err);
    if (resp.statusCode !== 200) return cb(new Error(body));

    var profile = JSON.parse(body);
    if (!profile || !profile.user) return cb(new Error(body));

    var user = {
      user_id: profile.user.id,
      name: [profile.user.firstName, profile.user.lastName].join(' '),
      email: profile.user.email,
      picture: profile.user.image
    };

    cb(null, user);
  });
}

I’ve triple checked the Client ID, Client Secret, and URLs. There is nothing in the Customer Headers field.

Any ideas to solve this problem would be appreciated!

Thanks,

Hey there @dan5! Are you getting this error on your POST /oauth/token request or your GET “/api/v1/users/_current” request? This should help us moving forward in troubleshooting. Thanks!

Hi @James.Morrison,

I don’t know how to determine that. It is the result of the GET https://meterfeeder.auth0.com/login/callback?code=... request. I don’t know enough to know what auth0 is doing server side in that request but I’m guessing that it is POSTing the code to Vin.li’s /oauth/token.

Here is the network flow, starting at the Vin.li login page:

POST https://auth.vin.li/api/v1/sessions

Status Code: 303 See Other
set-cookie: session=<removed>; HttpOnly; SameSite=Strict; Path=/
location: /oauth/authorization/new?response_type=code&redirect_uri=https%3A%2F%2Fmeterfeeder.auth0.com%2Flogin%2Fcallback&scope=*&state=<removed>&client_id=<removed>

GET https://auth.vin.li/oauth/authorization/new?response_type=code&redirect_uri=https%3A%2F%2Fmeterfeeder.auth0.com%2Flogin%2Fcallback&scope=*&state=<removed>&client_id=<removed>

Status Code: 302 Found
location: https://meterfeeder.auth0.com/login/callback?code=<removed>&state=<removed>

GET https://meterfeeder.auth0.com/login/callback?code=<removed>&state=<removed>

Status Code: 302
location: https://manage.auth0.com/tester/callback?connection=Vinli&error=invalid_request
set-cookie: auth0=<removed>; Path=/; Expires=Sun, 02 Sep 2018 12:24:29 GMT; HttpOnly; Secure

GET https://manage.auth0.com/tester/callback?connection=Vinli&error=invalid_request

Status Code: 200
set-cookie: auth0l=<removed>; Domain=.auth0.com; Path=/; Expires=Thu, 06 Sep 2018 12:24:30 GMT; HttpOnly; Secure

Whenever I use the fetch user profile script above I get invalid request error returned. However upon further inspection when I look at your tenant profile now, I no longer receive said error. This may be the result of the fetch user profile script being updated from where it was previously being referenced. Are you still running into the error previously stated? If you are still running into the issue, install the real time webtask logs extension, add a console.log statement and then utilize the try button and see the response you receive. It should provide more context on the error being generated and you will be able to confirm the fetch user profile script is successfully running. Please let me know if you have any other questions. Thanks!

I installed the Real-Time Webtasks Log extension and then updated the Fetch User Profile script (see below). Saving and then clicking “try” did not log any information.

I’m still seeing the same invalid_request error.

function(accessToken, ctx, cb) {
  console.log(accessToken);
  request.get('https://auth.vin.li/api/v1/users/_current?access_token=' + accessToken, function(err, resp, body) {
    console.log(err, body);
    if (err) return cb(err);
    if (resp.statusCode !== 200) return cb(new Error(body));

    var profile = JSON.parse(body);
    if (!profile || !profile.user) return cb(new Error(body));

    var user = {
      user_id: profile.user.id,
      given_name: profile.user.firstName,
      family_name: profile.user.lastName,
      email: profile.user.email,
      picture: profile.user.image
    };

    cb(null, user);
  });
}

@James.Morrison can you give me some insight into what the request from Auth0 to Vin.li looks like to fetch the auth_token from the auth_code?

It should be similar to the first request/response I provided in my original post.
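Added example, not part of the original thread and not Auth0's or Vin.li's code: a variant of the debugging script above that sends the token in the Authorization header (the form the first post shows working), logs only a redacted token, and does not throw on a non-JSON body. A token placed in the query string or passed to console.log ends up in request and webtask logs. The `httpGet` and `log` parameters and the helper names are hypothetical; inside the Auth0 script they would be `request` and `console.log`.

```javascript
// Added example; httpGet, log and the helper names are hypothetical.

// Keep a short prefix so log lines can be correlated without exposing the token.
function redactToken(token) {
  if (typeof token !== 'string' || token.length < 12) return '<redacted>';
  return token.slice(0, 4) + '...<redacted ' + (token.length - 4) + ' chars>';
}

// Turn an HTTP status and body into either an Error or a normalized profile.
function parseVinliProfile(statusCode, body) {
  if (statusCode !== 200) {
    return { err: new Error('profile request failed with HTTP ' + statusCode) };
  }
  var parsed;
  try {
    parsed = JSON.parse(body);
  } catch (e) {
    return { err: new Error('profile response was not valid JSON') };
  }
  if (!parsed || !parsed.user || !parsed.user.id) {
    return { err: new Error('profile response had no user.id') };
  }
  var u = parsed.user;
  return {
    user: {
      user_id: u.id,
      given_name: u.firstName,
      family_name: u.lastName,
      email: u.email,
      picture: u.image
    }
  };
}

// Same callback contract as the scripts in the thread, with the HTTP client and logger injected.
function fetchUserProfile(accessToken, ctx, cb, httpGet, log) {
  log('fetching profile with token ' + redactToken(accessToken));
  httpGet({
    url: 'https://auth.vin.li/api/v1/users/_current',
    headers: { Authorization: 'Bearer ' + accessToken }
  }, function (err, resp, body) {
    if (err) return cb(err);
    var result = parseVinliProfile(resp.statusCode, body);
    log('profile status ' + resp.statusCode + (result.err ? ': ' + result.err.message : ''));
    cb(result.err || null, result.user);
  });
}
```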

After talking with one of our incredible support leads we found that according to the Vin.li developer docs an Authorization header is required for all requests. In your initial post, you mentioned that your requests via Postman were working as expected, and your provided example for the /oauth/token call had an Authorization header:

POST /oauth/token HTTP/1.1
Host: auth.vin.li
Content-Type: application/json
Authorization: Basic <removed>

{
        "grant_type": "authorization_code",
        "code": "<removed>",
        "redirect_uri": "https://meterfeeder.auth0.com/login/callback"
}

You also mentioned that you have no “custom headers” defined for the custom social connection. It is possible that Vin.li is rejecting the request because it expects the Authorization header to be present and it is not. Please see our docs for setting up Basic authentication for a custom social connection here: https://auth0.com/docs/extensions/custom-social-extensions#optional-set-up-basic-authentication

I tried that at one point to, what I thought was, no avail. Back in POSTman I removed the Auth header and put the credentials in the body. The result was Missing authentication. Step in the right direction!

Ok, so I copied the working header from POSTman into the custom headers field, save, try … invalid_request. Crud.

Still no messages in the “Real-Time Webtasks Log” extension …

Custom Headers

{
  "authorization": "Basic <removed base64 data>="
}

When you get a moment can you please try to change your token URL from

https://auth.vin.li/api/v1/oauth/token

to

https://auth.vin.li/oauth/token

After which you would give it another test. Thanks in advance!

@James.Morrison thanks for catching that. I had been trying different options last week in a flailing attempt to get something to work.

After making that update I’m getting the same error, however.

Trying to replicate this internally with our own Vinli Dev account, we were unable to get this to work successfully. The issue is that Vinli supplies no logs on any errors occurring. I would recommend reaching out to Vinli support to see if they can provide you any further insight on what may be happening on their side.
