Failed Silent Auth due to access denied to service management api

Help
, ,
1

I am trying to make auth0.js v8 renewAuth work in my SPA.

I have a management api set in my account ( https://remoto-dev.auth0.com/api/v2 ).

I created a silent-authentication callback page ( http://localhost:4200/silent-authentication.html ) and added it to the list of Allowed Callback Urls. Also, I added https://remoto-dev.auth0.comto the list of Allowed Origins.

My callback page follows @jmangelo example from another question:

  <!DOCTYPE html>
  <html>
    <head>
      <script src="https://cdn.auth0.com/js/auth0/8.0.4/auth0.min.js"></script>
      <script type="text/javascript">
        var webAuth = new auth0.WebAuth({
          domain: 'remoto-dev.auth0.com',
          clientID: 'KGo7Zr98BNJlFjgquRNM4vziGmpg7jfx'
        });
        var result = webAuth.parseHash(window.location.hash, function(err, data) {
          debugger;
          parent.postMessage(err || data, "https://localhost:4200");
        });
      </script>
    </head>
    <body></body>
  </html>

Still, I get:

  {
    "date": "2017-06-22T16:16:32.397Z",
    "type": "fsa",
    "description": "Service not found: https://remoto-dev.auth0.com/api/v2",
    "client_id": "KGo7Zr98BNJlFjgquRNM4vziGmpg7jfx",
    "ip": "189.6.84.54",
    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36",
    "details": {
      "body": {},
      "qs": {
        "client_id": "KGo7Zr98BNJlFjgquRNM4vziGmpg7jfx",
        "response_type": "token",
        "redirect_uri": "http://localhost:4200/silent-authentication.html",
        "scope": "openid profile offline_access",
        "audience": "https://remoto-dev.auth0.com/api/v2",
        "prompt": "none",
        "response_mode": "fragment",
        "state": "z6mHifbf3do2aau0hHRe3oKz-AZhCc.A",
        "auth0Client": "eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOC42LjEifQ=="
      },
      "connection": null,
      "error": {
        "message": "Service not found: https://remoto-dev.auth0.com/api/v2",
        "oauthError": "access_denied",
        "type": "oauth-authorization"
      }
    },
    "log_id": "49574347664067592668682869819056035602820627264725581858"
  }

Why is my access to remoto-dev.auth0.com/api/v2 denied?

(sidenote: I am trying to renew every time I login, so I do not check if the token expired or if I got a 401 when trying to login, could it be a problem?)

2

The error Service not found: https://remoto-dev.auth0.com/api/v2 would seem to indicate you made a request with an audience parameter that targets https://remoto-dev.auth0.com/api/v2 which the included log proves to be the case.

However, the API identifier for the Management API ends with / so there’s a mismatch and the requested service cannot be found. You should use https://remoto-dev.auth0.com/api/v2/.

3

Thanks @jmangelo, that was really the reason for access denied.
Now the error changed … it says login required. :slight_smile:

4

@jmangelo I think I am bumping in another block here:
Failed Silent Auth due to Consent required.
I am using Auth0 Management API, so I assume that it gives consent automatically for my users from my app.

I thought the reason could be the fact that it was not giving consent to localhost, so I tried to change that by editing my /etc/hosts where I point 127.0.0.1 to dev.mydomain.com, but it didn’t work. Same error. Any idea?

5

Thanks @jmangelo, that was really the reason for access denied.
Now the error changed … it says login required. :slight_smile:

6

@jmangelo I think I am bumping in another block here:
Failed Silent Auth due to Consent required.
I am using Auth0 Management API, so I assume that it gives consent automatically for my users from my app.

I thought the reason could be the fact that it was not giving consent to localhost, so I tried to change that by editing my /etc/hosts where I point 127.0.0.1 to dev.mydomain.com, but it didn’t work. Same error. Any idea?

7

I provided a reply for the consent situation in the other question you posted.

8

Did you ever find the solution to your problem? I am experiencing the same/similar issue