Getting 401 in my auth0 action, even though the token works in postman?

nolanl13 · February 20, 2023, 6:19pm

Hello, so i am completely stumped on this one. I created an action last Friday to ping my API on post user registration. It worked fine on Friday and today I had a new error about a callback issue. I changed stuff around and it now seems to run but it gets a 401 when I try to ping the API. Ive tried doing a cURL with the same client id and secret as the M2M one I created for the action. and it works fine no auth errors. but for some reason it doesn’t when its running in the action? It’s also working when I test the action and a valid access token is created? I’m baffled, any help on this would really be amazing.

this is my code


const axios = require('axios');
exports.onExecutePostUserRegistration = async (event, api) => {
console.log(event.user)
   const options = { method: 'POST',
    url: `https://project-pylo.eu.auth0.com/oauth/token`,
    headers: { 'content-type': 'application/json' },
    data: `{"client_id":"${event.secrets.RULE_APP_CLIENT_ID}","client_secret":"${event.secrets.RULE_APP_CLIENT_SECRET}","audience":"https://project-pylo-api.com","grant_type":"client_credentials"}` };
  
  axios(options)
    .then((response) => {
      const access_token = response.data.access_token;
     const createUserResponse = axios.post("https://eaa6-178-167-195-2.eu.ngrok.io/user", { 
  name: event.user.name,
  email: event.user.email,
  sub: event.user.user_id
}, 
{
  headers: {
    Authorization: `Bearer ${access_token}`
  }
      });
      console.log(createUserResponse.data);
    })
    .catch((error) => {
      console.error(error);
    });

};

spoudel · February 20, 2023, 8:12pm

Is this client authorized to use the api that you’re trying to call. And, does the client have the appropriate scopes. I would look into it first. The logs might be helpful too.

nolanl13 · February 23, 2023, 10:33am

Hi thanks for replying to my post!
Yes it does have authorisation and the appropriate scopes, read:users, write:users, I moved it over to a after first login action as from some digging I saw that post-registration seems to only be triggered on creation in a customer database linked to auth0 or passwordless registration which is not what I’m using. When I run the test in the action I can see a user is created and the user payload prints out in my API console so it has permissions in testing just not when I actually sign someone up?

tyf · February 24, 2023, 12:23am

Hey there @nolanl13 !

That’s correct that post registration Action will only run for database users, i.e. not a social connection. See (and upvote!) this feedback request:

Is the code successful in a post login Action?

system · March 10, 2023, 12:23am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.