How to get identities access_token inside a post-login Actiom

raunakdaga · June 11, 2023, 9:46pm

Working off this question

How did you actually get the access token of the user in an action? I am running into the same issue, and the code I’m using with the management API isn’t working.

Here it is.

try {
    const auth0Domain = 'MY AUTH0 DOMAIN';
    const auth0ManagementApiClientId = event.secrets.CLIENT_ID
    const auth0ManagementApiClientSecret = event.secrets.CLIENT_SECRET
    const userId = event.user.user_id;

   const response = await axios.post(
      `https://${auth0Domain}/oauth/token`,
      {
        grant_type: 'client_credentials',
        client_id: auth0ManagementApiClientId,
        client_secret: auth0ManagementApiClientSecret,
        audience: `https://${auth0Domain}/api/v2/`,
      }
    );
    const managementToken = response.data.access_token;
    
    let domain = `https://${auth0Domain}/api/v2/users/${userId}`
    const userResponse = await axios.get(
      domain,
      {
        headers: {
          Authorization: `Bearer ${managementToken}`,
        },
      }
    );
    let userAccessToken = userResponse.data.identities[0].access_token

    console.log('user response: ', userResponse.data)

  } catch (error) {
    // Handle error response
    console.error('Error retrieving access token:', error);
  }

This code is succesful in getting A access token, but it’s not the same as the users, which I’ve verified by manually printing out the access token from this request and a valid request on the backend. So whos accces token is it, I don’t know??

Any help?

raunakdaga · June 11, 2023, 10:31pm

Ok - update, I’m now succesfully retrieving the “access_token” from the Management USER api.

However, this “access_token”, still doesn’t succesfully authenticate with my backend (Django) which is calling Auth0’s authentication JWT decoding service.

Here’s the Django code.

def jwt_decode_token(token):
    print(token)
    AUTH0_DOMAIN = settings.AUTH0_DOMAIN
    header = jwt.get_unverified_header(token)
    jwks = requests.get("https://{}/.well-known/jwks.json".format(AUTH0_DOMAIN)).json()

    public_key = None
    for jwk in jwks["keys"]:
        if jwk["kid"] == header["kid"]:
            public_key = jwt.algorithms.RSAAlgorithm.from_jwk(json.dumps(jwk))

    if public_key is None:
        raise Exception("Public key not found.")

    issuer = "https://{}/".format(AUTH0_DOMAIN)

    return jwt.decode(
        token,
        public_key,
        audience="https://delilah-backend/api",
        issuer=issuer,
        algorithms=["RS256"],
    )

Why won’t the “access_token” received work to authenticate on the backend? is it because access_token isn’t the same as the JWT token I receive from normal API requests on the frontend?

the code i’m using to get “access_token” can be seen in the updated original code in my first post in this thread.