Hi,
I’d like to fetch the app’s roles list (not the specific user’s) from Auth0 inside of a rule.
I can’t access ManagementClient/getRoles with auth0.accessToken because it’s limited to the read:users and update:users scopes.
This information is based on both tests and the following article:
I’m trying to obtain a token through a client credentials grant with the ‘read:roles’ scope, but the token request is rejected with an access_denied (403) error.
Rule:
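/**
 * Auth0 rule that requests a token for the tenant's Management API through a
 * client credentials grant (scope `read:roles`) and logs the outcome.
 *
 * The login is never blocked by this rule: `callback(null, user, context)` is
 * called whether the token request succeeds or fails.
 *
 * @param {object} user - The user profile passed to the rule.
 * @param {object} context - The authentication context passed to the rule.
 * @param {Function} callback - Rule continuation, called as
 *   `callback(null, user, context)`.
 */
function (user, context, callback) {
  const lib = require('auth0@2.23.0');

  /**
   * Requests a token for the Management API audience.
   *
   * @returns {Promise<object>} Resolves with the token endpoint response.
   *   The token endpoint answers access_denied (HTTP 403) when this client
   *   has no client grant for the requested audience.
   */
  function getToken() {
    // NOTE(security): the client secret is a literal in the rule source, so
    // anyone who can read the rule can read it. Prefer keeping it in the
    // rule settings (the `configuration` object) and rotating any secret that
    // has been pasted into code or a public post.
    const auth = new lib.AuthenticationClient({
      domain: auth0.domain,
      clientId: 'myclientid',
      clientSecret: 'myclientsecret'
    });

    return auth.clientCredentialsGrant({
      audience: 'https://mytenant.auth0.com/api/v2/',
      // Request only the scope this rule needs.
      scope: 'read:roles'
    });
  }

  getToken()
    .then(result => {
      // Log token metadata only. The response also carries the access token,
      // and a Management API bearer token must not end up in rule logs.
      const meta = result || {};
      console.log('result', {
        token_type: meta.token_type,
        expires_in: meta.expires_in,
        scope: meta.scope
      });
    })
    .catch(error => {
      console.log('error', error);
    })
    .finally(() => {
      // Always continue the login pipeline, even when the grant fails.
      callback(null, user, context);
    });
}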
Error:
access_denied: {"error":"access_denied","error_description":"Client is not authorized to access \"https://royibernthal.us.auth0.com/api/v2/\". You might probably want to create a \"client-grant\" associated to this API. See: https://auth0.com/docs/api/v2#!/Client_Grants/post_client_grants"}
at /data/_verquire/_node12/auth0-extension-s3-tools/1.1.1/node_modules/rest-facade/src/Client.js:387:27
at Request.callback (/data/_verquire/_node12/auth0-extension-s3-tools/1.1.1/node_modules/rest-facade/node_modules/superagent/lib/node/index.js:728:3)
at /data/_verquire/_node12/auth0-extension-s3-tools/1.1.1/node_modules/rest-facade/node_modules/superagent/lib/node/index.js:916:18
at Stream.<anonymous> (/data/_verquire/_node12/auth0-extension-s3-tools/1.1.1/node_modules/rest-facade/node_modules/superagent/lib/node/parsers/json.js:19:7)
at Stream.emit (events.js:314:20)
at Stream.EventEmitter.emit (domain.js:506:15)
at Unzip.<anonymous> (/data/_verquire/_node12/auth0-extension-s3-tools/1.1.1/node_modules/rest-facade/node_modules/superagent/lib/node/unzip.js:55:12)
at Unzip.emit (events.js:326:22)
at Unzip.EventEmitter.emit (domain.js:506:15)
at endReadableNT (_stream_readable.js:1241:12)
at processTicksAndRejections (internal/process/task_queues.js:84:21) {
statusCode: 403,
requestInfo: {
method: 'post',
url: 'https://royibernthal.us.auth0.com/oauth/token'
},
originalError: Error: Forbidden
at Request.callback (/data/_verquire/_node12/auth0-extension-s3-tools/1.1.1/node_modules/rest-facade/node_modules/superagent/lib/node/index.js:706:15)
at /data/_verquire/_node12/auth0-extension-s3-tools/1.1.1/node_modules/rest-facade/node_modules/superagent/lib/node/index.js:916:18
at Stream.<anonymous> (/data/_verquire/_node12/auth0-extension-s3-tools/1.1.1/node_modules/rest-facade/node_modules/superagent/lib/node/parsers/json.js:19:7)
at Stream.emit (events.js:314:20)
at Stream.EventEmitter.emit (domain.js:506:15)
at Unzip.<anonymous> (/data/_verquire/_node12/auth0-extension-s3-tools/1.1.1/node_modules/rest-facade/node_modules/superagent/lib/node/unzip.js:55:12)
at Unzip.emit (events.js:326:22)
at Unzip.EventEmitter.emit (domain.js:506:15)
at endReadableNT (_stream_readable.js:1241:12)
at processTicksAndRejections (internal/process/task_queues.js:84:21) {
status: 403,
response: Response {
_events: [Object: null prototype] {},
_eventsCount: 0,
_maxListeners: undefined,
res: [IncomingMessage],
request: [Request],
req: [ClientRequest],
text: '{"error":"access_denied","error_description":"Client is not authorized to access \\"https://royibernthal.us.auth0.com/api/v2/\\". You might probably want to create a \\"client-grant\\" associated to this API. See: https://auth0.com/docs/api/v2#!/Client_Grants/post_client_grants"}',
body: [Object],
files: undefined,
buffered: true,
headers: [Object],
header: [Object],
statusCode: 403,
status: 403,
statusType: 4,
info: false,
ok: false,
redirect: false,
clientError: true,
serverError: false,
error: [Error],
created: false,
accepted: false,
noContent: false,
badRequest: false,
unauthorized: false,
notAcceptable: false,
forbidden: true,
notFound: false,
unprocessableEntity: false,
type: 'application/json',
links: {},
setEncoding: [Function: bound ],
redirects: [],
[Symbol(kCapture)]: false
}
}
}