Failed to load resource: the server responded with a status of 401 () in React.js/Nest.js

ludovicoc · November 27, 2023, 9:22pm

Hello webdev newbie here, i have seen this issue before in getting Failed to load resource: the server responded with a status of 401 () in /oauth/token.

My frontend is in React.js and backend is with Nest.js, it does work without issue if i set up the auth method ‘none’ but i’d like to my set up on Clinet Secret (Basic), any help would be appreciated!

// auth.strategy.ts
@Injectable()
export class Auth0Strategy extends PassportStrategy(Strategy, 'auth0') {
  constructor() {
    super({
      clientID: process.env.AUTH0_CLIENT_ID,
      clientSecret: process.env.AUTH0_CLIENT_SECRET,
      domain: process.env.AUTH0_DOMAIN,
      callbackURL: process.env.AUTH0_CALLBACK_URL,
      scope: 'openid profile email',
      state: false
    });
  }
  async validate(accessToken, refreshToken, extraParams, profile, done): Promise<any> {
    return done(null, profile);
  }
}

// auth.guard.ts
@Injectable()
export class Auth0Guard extends AuthGuard('auth0') {}
async validate(accessToken, refreshToken, extraParams, profile, done): Promise<any> {
    return done(null, profile);
  }
}

import React, { useEffect } from 'react';
import { useAuth0 } from '@auth0/auth0-react';
import { getAllFeed } from '../api/asset';

const Feed = () => {
  const { user, isAuthenticated, getAccessTokenSilently } = useAuth0();

  if (!isAuthenticated) {
    return <div>Loading or not authenticated...</div>;
  }

  return (
    <div>
      <h2>User Profile</h2>
      {/* Display user's info */}
      <p>Name: {user.name}</p>
      <p>Email: {user.email}</p>
      {/* ... other user information */}
    </div>
  );
};

export default Feed;

tyf · November 28, 2023, 1:43am

Hey there @ludovicoc welcome to the community!

I am guessing the clientID in question has the token_endpoint_auth_method set to none which won’t allow you to perform a client credentials exchange. You’ll need to update the token_endpoint_auth_method to client_secret_basic using the Management API.

ludovicoc · November 28, 2023, 6:21pm

hey @tyf thanks for the quick reply, i did exactly that and I’m getting the error I mentioned above, when it’s set ‘none’ everything works smoothly. Am I missing something in order to make it work with client secret (basic) ?

tyf · November 29, 2023, 1:40am

Hey @ludovicoc no problem, happy to help!

Do you mind DMing me the tenant and specific client_id you are working with so I can take a closer look at your settings?

ludovicoc · November 29, 2023, 11:51am

Sure, just sent it over

tyf · November 30, 2023, 1:25am

Awesome, thanks!

Can you share a bit more detail regarding where/how specifically you are running into this error? I guess I’d also like to learn why the need to use client secret (basic) in the context of your application. Typically, there is no need for a client credentials exchange in a user authentication/authorization flow but rather when authenticating the client itself against a resource (think machine to machine).

The more information you can provide about your specific use case the better!

ludovicoc · November 30, 2023, 2:06pm

yes of course I DM’you with more details, thanks again

tyf · December 1, 2023, 12:16am

Resolved in a DM as additional context was needed

ludovicoc · December 1, 2023, 4:30pm

Thanks again @tyf this was great and super helpful!

tyf · December 4, 2023, 10:22pm

No problem @ludovicoc I’m happy I was able to help!

system · December 18, 2023, 10:22pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.