Custom user database with oidc

I have a database with existing users and I want to be able to log them in with oidc. They were not registered via Auth0.

I have added a custom-database connection and a login action script that works, but if I add oidc login to the app and try login it gives me a 404. I’m guessing this is because they are not connected to a provider.

Is it possible to connect a user to oidc like this post-registration?

Hi @mattymillar

If you have a non-Auth0 DB, you can connect to it via an Auth0 custom DB.

I am not sure why you are getting the 404, nor what you mean by “they are connected to a provider”. If you provide more details, we can try to help.

John

Hi John,

Thanks for your reply. I’m doing a spike to see how we can seamlessly integrate oidc with our existing registration/login process.

So far I have:

  • created a new app
  • added a custom database connection to our user db with a login action script that logs the user in and returns profile info etc
  • added an oidc enterprise login with the app domain as issuer
  • added the db as a connection in the app
  • added the oidc as a login in the app
  • created an express application to test the login

When I try login I’m actually getting a 404 wrapped in a 400 (400: access_denied (Request failed with status code 404)). My first guess was that it’s because the users in my db are not linked with an oidc provider at all (this is what I meant by provider).

Do I need to link the users in the db with oidc somehow before trying to login, or is it done automatically? Is it possible to keep our current external registration process (and then link with oidc after that), or is it necessary to have Auth0 involved in our registration process?

I may be way off track here, thanks for your time!

Cheers,

Matt

Ok, I think I understand a bit better. There are 2 things here: OIDC and the custom DB.

For an Auth0 DB connection (whether custom or not), normally you use OIDC to authenticate. This is “out-of-the-box” and requires no special configuration. You can see this by turning on developer tools and looking at the network trace: you’ll see a call to /authorize that is an OIDC-compliant call.

So, I’m confused why you need the Enterprise OIDC connection - you don’t need that.

Try without it, then post screenshots or detailed log messages about the failure.

John

Thanks for clearing that up, have disabled Enterprise.

The login is successful on the custom-db side of things. It is returning a 200 with the user data, and the login action script is setting the name/nickname correctly, as this is being set against the user in User Management.

Something is going wrong after that though as I’m getting the 400. If I look in the logs I’m getting “Failed Login”.

Raw:

{
  "date": "2022-06-29T15:04:32.295Z",
  "type": "f",
  "description": "Request failed with status code 404",
  "connection": "matt-local-users",
  "connection_id": "con_LNdghu02qiam3Xto",
  "client_id": "####",
  "client_name": "oidc-app",
  "ip": "2a01:4c8:10fa:8cf:2f14:9731:fffe:fae5",
  "user_agent": "Chrome 102.0.5005 / Linux 0.0.0",
  "details": {
    "body": {},
    "qs": {
      "state": "alhaKNoz9_Y0piQ3HGki89N54Z3fRhbC"
    },
    "connection": "matt-local-users",
    "error": {
      "message": "Request failed with status code 404",
      "oauthError": "access_denied",
      "type": "oauth-authorization"
    },
    "session_id": "9cyb4qYPMf-bic3hJwGUGS38-PkDxX-o",
    "actions": {
      "executions": [
        "9fdL0KLhSwqWP0UUedjMSjIwMjIwNjI5"
      ]
    }
  },
  "hostname": "####",
  "user_id": "auth0|87e456e8-d494-4040-9e93-a0bb691320ae",
  "user_name": "Everett Renner I",
  "strategy": "auth0",
  "strategy_type": "database",
  "audience": "https://####/userinfo",
  "scope": [
    "openid",
    "profile",
    "email"
  ],
  "log_id": "90020220629150434017473372733025401167369357927844413506",
  "_id": "90020220629150434017473372733025401167369357927844413506",
  "isMobile": false,
  "id": "90020220629150434017473372733025401167369357927844413506"
}

Context:

{
  "body": {},
  "qs": {
    "state": "alhaKNoz9_Y0piQ3HGki89N54Z3fRhbC"
  },
  "connection": "matt-local-users",
  "error": {
    "message": "Request failed with status code 404",
    "oauthError": "access_denied",
    "type": "oauth-authorization"
  },
  "session_id": "9cyb4qYPMf-bic3hJwGUGS38-PkDxX-o",
  "actions": {
    "executions": [
      "9fdL0KLhSwqWP0UUedjMSjIwMjIwNjI5"
    ]
  }
}

Action Details:

{
  "action_name": "Create/Get User",
  "response": {
    "error": {
      "message": "Request failed with status code 404",
      "name": "Error",
      "stack": "Error: Request failed with status code 404\n    at createError (/data/_verquire/axios/0.15.2/node_modules/axios/lib/core/createError.js:15:15)\n    at settle (/data/_verquire/axios/0.15.2/node_modules/axios/lib/core/settle.js:18:12)\n    at IncomingMessage.handleStreamEnd (/data/_verquire/axios/0.15.2/node_modules/axios/lib/adapters/http.js:168:11)\n    at IncomingMessage.emit (node:events:406:35)\n    at IncomingMessage.emit (node:domain:532:15)\n    at endReadableNT (node:internal/streams/readable:1329:12)\n    at processTicksAndRejections (node:internal/process/task_queues:83:21)"
    },
    "stats": {
      "total_request_duration_ms": 428,
      "total_runtime_execution_duration_ms": 425,
      "runtime_processing_duration_ms": 38,
      "action_duration_ms": 387,
      "boot_duration_ms": 38,
      "network_duration_ms": 3
    }
  },
  "error": {
    "id": "invalid_argument",
    "msg": "Invalid Argument"
  },
  "started_at": "2022-06-29T15:04:31.857447929Z",
  "ended_at": "2022-06-29T15:04:32.285913108Z"
}

This failed action is called “Create/Get User”… It seems to imply that I need to implement a Create User and/or a Get User action as well as Login?

I wouldn’t think this would be the case as Get User for example is used to “check if a user exists before executing flows that do not require authentication (signup and password reset)”

For what it’s worth, I have created a Get User function that returns a dummy profile but I still get the 404.

Hi @mattymillar

Have you used the realtime webtask logs extension?
Install that in your tenant (it is under extensions).

Then you can put console.log statements in and see what is going on.

You need the create user script if users can self register (they probably can, unless you disabled that).

You need the get user script for password resets. Make sure it returns the same user ID, or you will have weird errors.

I’d suggest using console.log to figure out which script is running, and where exactly you get the error.

John
