Generic OAuth Connection with Polar Flow Failing

jembach · October 31, 2020, 12:44pm

Hi,

currently I’m trying to add a custom social connection using the generic OAuth approach.
The goal is, that my customers can login using polar flow. I have added everything as the auth0 and the polar documentations are describing.

Every-time I log in using polar flow, I get an error similar to this:

 {
  "date": "2020-10-31T12:26:55.078Z",
  "type": "f",
  "connection": "Polar-Access-Link",
  "connection_id": "SOME_CONNECTION_ID",
  "client_id": "SOME_CLIENT_ID",
  "client_name": "All Applications",
  "ip": "SOME_IP",
  "user_agent": "SOME_USER_AGENT",
  "details": {
    "body": {},
    "qs": {
      "state": "SOME_STATE",
      "code": "SOME_CODE"
    },
    "connection": "Polar-Access-Link",
    "error": {
      "oauthError": "invalid_request",
      "type": "request-error"
    },
    "session_id": "SOME_SESSION_ID"
  },
  "hostname": "SOME_HOSTENAME",
  "strategy": "oauth2",
  "strategy_type": "social",
  "log_id": "90020201031122700188000481895412990414434796134750748706",
  "_id": "90020201031122700188000481895412990414434796134750748706",
  "isMobile": false,
  "description": "User failed to login"
}

Currently I think have figured out, that the problem could be the access token exchange. Getting the authorization code is working well and the token is valid.

I have tested the OAuth login with polar flow manually using insomnia and it is working well. Therefore there must be a problem concerning auth0.

The documentation for Polar Flow could be found here: Polar Flow Auth

jembach · November 4, 2020, 12:07am

I have investigated some more time in this issue and found the problem.
Therefore I build up a proxy to the token endpoint of polar flow and send them only the data they are expecting.
In addition I found out how the token request by auth0 looks like:

{
  "body": {
    "grant_type": "authorization_code",
    "redirect_uri": "SOME_REDIRECT_URI",
    "client_id": "SOME_CLIENT_ID",
    "client_secret": "SOME_CLIENT_SECRET",
    "code": "SOME_CODE"
  },
  "header": {
    "connection": "Keep-Alive",
    "host": "SOME_HOST",
    "content-length": "246",
    "accept-encoding": "gzip",
    "user-agent": "Auth0 (http://auth0.com)",
    "content-type": "application/x-www-form-urlencoded",
  }
}

Finally I figured out, that polar flow is restricting their token endpoint to not receive a client_id in the body. After pruning it in my proxy everything worked well

konrad.sopala · November 4, 2020, 1:13pm

Perfect glad to hear that! Thanks for sharing it with the rest of community!

system · November 19, 2020, 1:13pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.