I’ve been trying to set up OAuth with Patreon so that I can query their API to find information about a user’s current subscription status, etc. In a previous post here I was pointed to the fact that I don’t get the access token from Patreon directly, but would need to use the Auth0 Management API to query the user and pull it from there – see Call an Identity Provider API.
This looks simple enough but I’m getting an ‘Unauthorized’ response on step 2 of the above linked doc. To simplify things I’ve just been testing via Postman so there are no libraries or anything getting in the way. What I did to set up:
Created a test application for the management API
Granted all permissions for that test application (I know you only need a couple, I just enabled all for testing)
Taken the user ID of the only user I have from the Users page in Auth0 (me from testing)
This works great, I get an access token back with all the many permissions I’ve granted it.
Attempt to query the user profile:
curl --request GET \
--url 'https://dev-{tenant}.us.auth0.com/api/v2/users/%7B{user id}%7D' \
--header 'authorization: Bearer {access token from 1}'
Here I just get the string ‘Unauthorized’ back.
I think this might be because my user has only authorized my test application with Patreon and not the Management API application, which is what the access token is granted for? But that seems like it should work; in the example from the linked doc, their user has 1 identity from a Google login and the Management API is able to load their info OK.
I checked the Logs page in Auth0 and I see the Success Exchange event from generating the access token, but there are no entries added for when I hit the users endpoint and get the Unauthorized.
When creating the test application I selected all the permissions just so that it wouldn’t be an issue during testing. However, even with all permissions granted I’m still getting Unauthorized on all my requests.
On that page, you should see a drop-down menu to select an application for testing. After you have selected your application, the next section has a code snippet that you can use to request an access token. Below that is the Response section, which has an access token.
Could you please use that access token that was provided against the Management API’s Get a user endpoint and let me know how it goes?
@rueben.tiow that’s what I was using to try to test, and what was giving me ‘Unauthorized’ when trying to hit the users endpoint.
However, over the weekend I figured out how to authenticate with Patreon’s API directly without using Auth0, so I switched over to that instead. So I’m not sure what was going on with my Auth0 setup, but I’m also not using it anymore.
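For the Management API request discussed in this thread, here is an added example (not code from any poster or from Auth0) of a local pre-flight check to run before sending the Get a user call: it inspects the access token's `aud`, `exp` and `scope` claims and checks how the user ID was placed in the URL. The tenant domain, user ID and token are constructed, the function names are hypothetical, and the expected audience assumes the tenant's default domain.

```python
import base64
import json
import time
from urllib.parse import quote

# Scopes the Auth0 "Call an Identity Provider API" doc asks for on the Management API token.
REQUIRED_SCOPES = {"read:users", "read:user_idp_tokens"}

def decode_claims(token):
    """Return the JWT payload. Inspection only: the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def user_url(tenant_domain, user_id):
    """Build the Get-a-user URL with the whole id percent-encoded ('|' becomes %7C)."""
    return f"https://{tenant_domain}/api/v2/users/{quote(user_id, safe='')}"

def preflight(token, tenant_domain, url, now=None):
    """List reasons the request is likely to be rejected; empty list means none found."""
    problems = []
    claims = decode_claims(token)
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    expected = f"https://{tenant_domain}/api/v2/"  # assumption: default tenant domain
    if expected not in audiences:
        problems.append(f"aud is {aud!r}, expected {expected!r}")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        problems.append("token is expired")
    missing = REQUIRED_SCOPES - set(claims.get("scope", "").split())
    if missing:
        problems.append("missing scopes: " + ", ".join(sorted(missing)))
    user_part = url.split("/api/v2/users/", 1)[-1].lower()
    if any(mark in user_part for mark in ("{", "}", "%7b", "%7d")):
        problems.append("placeholder braces still wrap the user id in the URL")
    return problems

def make_sample_token(claims):
    """Constructed, unsigned token for the demo only; not a real Auth0 token."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    domain = "dev-example.us.auth0.com"  # constructed tenant
    token = make_sample_token({"aud": f"https://{domain}/api/v2/", "exp": 4102444800,
                               "scope": "read:users read:user_idp_tokens"})
    print(preflight(token, domain, user_url(domain, "oauth2|patreon|12345")))  # constructed id
    print(preflight(token, domain, f"https://{domain}/api/v2/users/%7Boauth2|patreon|12345%7D"))
```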