Failed exchange after post login action (form). auth0 logs show null clientID

Help
,
1

Hello,

I’ve had a post login action that renders an onboarding form and its been working for months. Suddently today, I’m getting an “Unauthorized” error log, Type=“Failed exchange”.
The error shows up just as the user finishes posting the form.

In the error log, I see there is a null client ID. Not sure how this could happen, and I’ve changed nothing in auth0 lately.

Event data:

{
“audience”: “removed”,
“client_id”: null,
“client_name”: null,
“connection_id”: “”,
“date”: “2024-07-18T16:23:45.544Z”,
“description”: “Unauthorized”,
“hostname”: “removed”,
“ip”: “54.245.16.146”,
“scope”: null,
“type”: “feccft”,
“user_agent”: “Other 0.0.0 / Other 0.0.0”,
“user_id”: “”,
“user_name”: “”,
“log_id”: “90020240718162345629138000000000000001223372052626943043”,
“tenant_name”: “removed”,
“_id”: “90020240718162345629138000000000000001223372052626943043”,
“isMobile”: false,
“id”: “90020240718162345629138000000000000001223372052626943043”
}

Inside the Forms in the auth0 client, I can see the form execution has errors starting today.

Under execution, I see this error:

{
“code”: “ERR_ACTION_EXECUTION_ERROR”,
“message”: “Invalid OAuth credentials, please review the connection”
}

Under “Input”, I can see a bunch of metadata. I do see the correct “client” and “tenant” objects, including the correct client ID. So its interesting this form fails, with the input data having the correct client ID, but the auth0 log shows a null client id.

EDIT: if I comment out rendering of the form, everything works OK and I can login properly into the application. So I think there is a new bug in forms, but I could be wrong.

EDIT: Fixed. Somehow access to the management api was reset. Once I enabled access and scopes, its fixed. User error. Leaving this here for others.

3

Hello, I was wrong that this issue was fixed. It still persists.

I see the following error in the flow execution logs:

{
“code”: “ERR_ACTION_EXECUTION_ERROR”,
“message”: “Invalid OAuth credentials, please review the connection”
}

Under the Auth0 Management API, in Machine to Machine Applications I have granted my application the following scopes: is there something missing? The form sets some user and application metadata.

  • read:users_app_metadata
  • update:users_app_metadata
  • create:users_app_metadata

Any further advice appreciated!

1 Like
5

Hey there @michael33 !

Interesting - Sorry to hear this is still an issue!

Have you reviewed the vault connection for the M2M app you’ve selected to use in the Form? It might be worth deleting the connection and re-creating using the M2M you’ve used previously.

6

Thanks! I tried deleting and re-adding the Vault connection.
I’m copying the three fields directly from the Application->Settings field so I am sure they are correct.

Error details:

In input, I see various hidden fields, like this:

“context”: {
“user”: {
“email”: “███”,
“email_verified”: “███”,

And in the error section, I’m getting:

{
“code”: “ERR_ACTION_EXECUTION_ERROR”,
“message”: “Cannot find connection [ac_bffVmvwjW9vEhEhEfEx68C]”,
“details”: {
“connectionId”: “ac_bffVmvwjW9vEhEhEfEx68C”
}
}

Is there some way I can look up this connectionId in the console to debug this?

1 Like
7

Any insights? I don’t know how to debug this, it seems like it shoudl be working.

8

Hey @michael33 sorry for the delayed response here - Do you see that ID (ac_bffVmvwjW9vEhEhEfEx68C) in your vault connections? Which tenant are you working in? I did a quick search on your dev tenant and did not see that particular ID.

9

@tyf Progress, but still no go. Thanks for your suggestion. I went back and realized my flow’s vault connection had been reset, and I updated it.

Now the form submission actually finishes instead of erroring out… it at least continues to the login process.

But the meta-data I’m trying to update with the form isn’t getting set. In the Flow executions, the status is now “Success” - but I notice there is a 403 error. I’m not sure why the 403 error is being generated.

Under the Auth0 Management API in my console, under M2M Applications my application is turned on. The scopes have create, read and update:user_app_metadata checked off - so I think the permissions are correct?

I think I’m close, hopefully can get over the finish line soon.

1 Like
10

Hey there @michael33 apologize for the delayed response on this one :confused:

Looking back in the thread, I saw that you mentioned this action sets both user_metadata and app_metadata on the user - If that’s the case you will need to include the update:users permission to the M2M application. I believe adding the update:users might allow you to forego the update:users_app_metadata as well.

11

Hi @tyf , I tried updating the permission but no luck - still 403 error.

I badly need this fixed… I did notice differences in the Input Data in the execution logs between these recent failures and when this form worked a few months ago.

Isn’t it the case that the form itself should account for the input data? If it’s changing so drastically, is something wrong within auth0 forms?

At this point I’ll probably have to start from scratch, but I believe my story may be important for auth0 itself regarding forms and possible bugs.

Input May 29th:

{
  "fields": {
    "organization_name": "<removed>",
    "location_name": "<removed>",
    "organization_state_province": "CA",
    "organization_zip_postal": "<removed>",
    "user_first_name": "Test",
    "user_last_name": "User",
    "user_role": "<removed>",
    "mobile_number": {
      "number": "+<removed>",
      "nationalNumber": "<removed>",
      "national_number": "<removed>",
      "nationalFormat": "<removed>",
      "national_format": "<removed>",
      "internationalNumber": "<removed>",
      "international_number": "<removed>",
      "internationalFormat": "<removed>",
      "international_format": "<removed>",
      "countryCode": "US",
      "countryCodeIso": "US",
      "country_code_iso": "US",
      "countryCodeNumber": "1",
      "country_code_number": "1"
    },
    "state": "hKFo2SBkb2JKLWwxY2EyVWJLRXdCRmRGQW5hSFh1VHNfbmpmVaFutHJlbmRlci1jdXN0b20tcHJvbXB0o3RpZNkgRVFhaUpULUNwbmxVZnVyVWpSeVpNYkx6anltaWU3VGOjY2lk2SBaOG1FaHVMcjV2d3pRUWVjVDZESW5Tb1ZaWGliNFVvRA"
  },
  "context": {
    "user": {
      "user_id": "auth0|66573796b7565e9fae97e97f",
      "name": "<removed>",
      "nickname": "<removed>",
      "email": "<removed>",
      "email_verified": false,
      "picture": "https://s.gravatar.com/avatar/da5d5285a82b7eaf7b581774d4688e2c?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fmi.png",
      "user_metadata": {},
      "app_metadata": {},
      "created_at": "2024-05-29T14:11:34.519Z",
      "updated_at": "2024-05-29T14:11:34.519Z",
      "identities": [
        {
          "user_id": "66573796b7565e9fae97e97f",
          "isSocial": false,
          "provider": "auth0",
          "connection": "Username-Password-Authentication"
        }
      ]
    },
    "client": {
      "client_id": "Z8mEhuLr5vwzQQecT6DInSoVZXib4UoD",
      "name": "CareMate"
    },
    "tenant": {
      "name": "<removed>"
    },
    "transaction": {
      "state": "hKFo2SBkb2JKLWwxY2EyVWJLRXdCRmRGQW5hSFh1VHNfbmpmVaFutHJlbmRlci1jdXN0b20tcHJvbXB0o3RpZNkgRVFhaUpULUNwbmxVZnVyVWpSeVpNYkx6anltaWU3VGOjY2lk2SBaOG1FaHVMcjV2d3pRUWVjVDZESW5Tb1ZaWGliNFVvRA"
    }
  },
  "meta": {
    "navigator": {
      "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36",
      "language": "en-US"
    },
    "navigation": {
      "referer": "https://<removed>/u/signup?state=hKFo2SBmTERrSFFGMFBqaTM1YXNnVUlsX2lsWXFlN1R3VDlRRqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIEVRYWlKVC1DcG5sVWZ1clVqUnlaTWJMemp5bWllN1Rjo2NpZNkgWjhtRWh1THI1dnd6UVFlY1Q2REluU29WWlhpYjRVb0Q",
      "location": {
        "protocol": "https:",
        "hostname": "<removed>.us.auth0.com",
        "port": "",
        "host": "<removed>.us.auth0.com",
        "pathname": "/u/custom-prompt/ap_mBAmzuEAVQoDdx77epqfJ6",
        "search": "?state=hKFo2SBkb2JKLWwxY2EyVWJLRXdCRmRGQW5hSFh1VHNfbmpmVaFutHJlbmRlci1jdXN0b20tcHJvbXB0o3RpZNkgRVFhaUpULUNwbmxVZnVyVWpSeVpNYkx6anltaWU3VGOjY2lk2SBaOG1FaHVMcjV2d3pRUWVjVDZESW5Tb1ZaWGliNFVvRA",
        "searchParams": {
          "state": "hKFo2SBkb2JKLWwxY2EyVWJLRXdCRmRGQW5hSFh1VHNfbmpmVaFutHJlbmRlci1jdXN0b20tcHJvbXB0o3RpZNkgRVFhaUpULUNwbmxVZnVyVWpSeVpNYkx6anltaWU3VGOjY2lk2SBaOG1FaHVMcjV2d3pRUWVjVDZESW5Tb1ZaWGliNFVvRA"
        },
        "hash": "",
        "href": "https://<removed>/u/custom-prompt/ap_mBAmzuEAVQoDdx77epqfJ6?state=hKFo2SBkb2JKLWwxY2EyVWJLRXdCRmRGQW5hSFh1VHNfbmpmVaFutHJlbmRlci1jdXN0b20tcHJvbXB0o3RpZNkgRVFhaUpULUNwbmxVZnVyVWpSeVpNYkx6anltaWU3VGOjY2lk2SBaOG1FaHVMcjV2d3pRUWVjVDZESW5Tb1ZaWGliNFVvRA"
      },
      "analytics": {
        "ga": {}
      }
    },
    "view": {
      "screen": {
        "height": 1080,
        "width": 1920
      },
      "window": {
        "height": 699,
        "width": 1366
      }
    },
    "ip": "███",
    "geoip": {
      "cityName": "<removed>",
      "continentCode": "NA",
      "countryCode": "CA",
      "countryName": "Canada",
      "latitude": "49.86660",
      "longitude": "-97.19570",
      "timeZone": "America/Winnipeg",
      "subdivisionCode": "<removed>",
      "subdivisionName": "<removed>"
    }
  }
}

Input now:

{
  "connectionId": "ac_ebeYtRTLqBcv4iBZTrVeMV",
  "userId": "███",
  "changes": {
    "user_metadata": {
      "user_role": "somestring",
      "mobile_number": "+1<removed>",
      "user_last_name": "McGee",
      "user_first_name": "Tester",
      "location_city": "city",
      "organization_zip_postal": "<removed>",
      "organization_state_province": "CA",
      "location_street_address": "removed."
    }
  }
}