Getting ID token from user added via Management API

forstmeier · January 2, 2021, 8:32pm

Hi!

I’m adding users programmatically via the Management API (with usernames and passwords) but I’m unable to fetch JWTs for these users after their added. I have a Vue frontend that I’ve added a user through and have been able to fetch that token both in the browser and a helper “fetcher” script I have - that uses the http://auth0.com/oauth/grant-type/password-realm grant type. Trying to use that same script but changing the username/password to one of the users that was “programmatically” added but no luck.

I’m sure I’ll need to provide additional information on my situation but any insight would be helpful.

Best,
John

mathiasconradt · January 4, 2021, 7:23am

Hi John,
you should check the logs in the Dashboard > Logs or Dashboard > Monitoring > Logs for details - do you see any failed logins there?
Also, the users you create via management API vs. the login in your Vue application: sure it’s referring to the same/correct database connection and not different ones?

Also, in the Dashboard > Authentication > Database (or Dashboard > Connections, depending if. you use the new or old dashboard UI), you can use the “Try” button there to test a particular connection with a particular set of credentials. This way you know whether the issue is with the Vue app or the credentials.

As you said, too little information, but best is to check the logs.

forstmeier · January 3, 2021, 6:20pm

Hey, @mathiasconradt, the additional clarity from the logs was exactly what I was looking for.

The root cause of my issue was that the username/email were not being properly URL encoded in my code which caused issues when I attempted to fetch a token via the http://auth0.com/oauth/grant-type/password-realm grant type. Problem solved!

My follow up questions regard my actual use of Auth0. I’m using Auth0 in conjuction with Dgraph specifically for use with their authorization and @auth directive features which require custom claims to be added to the received token.

In my tenant I have a Hook configured for “programmatic” access (my internal services) and a Rule configured for “user” access (external users of my project) which perform the required updates (e.g. setting the “isApp” flag to true/false to indicate programmatic/user).

Also in the tenant I have an M2M App configured for issuing the former token via a client_credentials flow (when this flow is triggered the “isApp” claim is set to “true”).

The other App configured in the tenant is the SPA App for the latter token. This is currently retrieved by the Vue frontend but I would also like to expose an SDK that allows users to set up programmatic access to my project. I have a small script that I use for the http://auth0.com/oauth/grant-type/password-realm grant type flow (mentioned above) but would like that (or whatever more appropriate Auth0 App/API/grant flow recommended) to be exposed more robustly to third-parties.

First question is:

Is this configuration generally in-line with best practices?
What is the best way to configure Auth0 and my project to support an SDK that utilizes the ID tokens for “programmatic” access by a third-party?

Thanks again for your help - totally unblocked my progress!

Best,
John