Hey there, i noticed something weird while working on my application which is when i signup an account with gmail for example and assign a role to it and try to acess jwt in my react front-end it works normal and return a JWT with permissions, but when i use email/password login and confirm the account i get “Consent required” when i try to get the user token with permissions but it still login in?
i tried to edit Database settings to allow all applications access or at least the ones i need, but still doesn’t work?
any idea please what is causing that
here is a snippet of the code responsible for fetching token :
const App: FC = () => {
const [setToken, setRole] = useStore(state => [ state.setToken, state.setRole])
const { getAccessTokenSilently, user } = useAuth0();
useEffect(() => {
const setUserMetadata = async () => {
try {
const accessToken = await getAccessTokenSilently({
audience: import.meta.env.VITE_REACT_APP_AUDIENCE
});
setToken(accessToken)
console.log(accessToken);
const p = jwt(accessToken!) as {permissions: string[]}
// user permissions
const permissions = p.permissions
console.log(permissions);
//handle permissions
} catch(e: any) {
console.log(e.message);
}
};
setUserMetadata()
}, [getAccessTokenSilently, user?.sub]);
and here is my custom provider:
const AuthProviderWithHistory = ({ children }: {children?: JSX.Element[] | JSX.Element}) => {
const domain = import.meta.env.VITE_REACT_APP_AUTH0_DOMAIN;
const clientId = import.meta.env.VITE_REACT_APP_AUTH0_CLIENT_ID;
const redirectUri = import.meta.env.VITE_REACT_APP_AUTH0_CALLBACK_URL;
const onRedirectCallback = (appState?: AppState) => {
history.push(
appState && appState.returnTo ? appState.returnTo : window.location.pathname
);
};
if (!(domain && clientId)) {
return null;
}
return (
<Auth0Provider
domain={domain}
clientId={clientId}
redirectUri={redirectUri}
onRedirectCallback={onRedirectCallback}
scope="read:current_user update:current_user_metadata"
>
{children}
</Auth0Provider>
);
}
export default AuthProviderWithHistory
EDIT:
i had to put the audience in my custom Auth0Provider like this in order to get permissions :
const AuthProviderWithHistory = ({ children }: {children?: JSX.Element[] | JSX.Element}) => {
const domain = import.meta.env.VITE_REACT_APP_AUTH0_DOMAIN;
const clientId = import.meta.env.VITE_REACT_APP_AUTH0_CLIENT_ID;
const redirectUri = import.meta.env.VITE_REACT_APP_AUTH0_CALLBACK_URL;
const audience = import.meta.env.VITE_REACT_APP_AUDIENCE
const onRedirectCallback = (appState?: AppState) => {
history.push(
appState && appState.returnTo ? appState.returnTo : window.location.pathname
);
};
if (!(domain && clientId)) {
return null;
}
return (
<Auth0Provider
domain={domain}
clientId={clientId}
redirectUri={redirectUri}
onRedirectCallback={onRedirectCallback}
scope="read:current_user update:current_user_metadata"
audience={audience}
>
{children}
</Auth0Provider>
);
}
export default AuthProviderWithHistory
and my App now looks like this:
const App: FC = () => {
const [setToken, setRole] = useStore(state => [ state.setToken, state.setRole])
const { getAccessTokenSilently, user } = useAuth0();
useEffect(() => {
const setUserMetadata = async () => {
try {
const accessToken = await getAccessTokenSilently();
setToken(accessToken)
console.log(accessToken);
const p = jwt(accessToken!) as {permissions: string[]}
// user permissions
const permissions = p.permissions
console.log(permissions);
permissions.includes("crud:baristas") && permissions.includes("crud:managers") && permissions.includes("delete:users") && permissions.includes("block-unblock:users") ?
setRole("admin") : permissions.includes("crud:baristas") ?
setRole("manager") : permissions.includes("crud:globalMenu") ?
setRole("barista") : setRole("customer")
} catch(e: any) {
console.log(e.message);
}
};
setUserMetadata()
}, [getAccessTokenSilently, user?.sub]);
return ...
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.