How to login via script with no user interaction

I’m struggling to login to an application without user interaction. I used to have an Azure logic app that would authenticate (database auth) and access a page in my application. That stopped working a few months back, not sure why. I now receive a 302 redirect that I try to follow but it returns more redirects.

I’ve tried the authentication API, silent authentication, resource owner password with no luck. The furthest I was able to get to was to get an ID_TOKEN or ACCESS_TOKEN, but when I try to use them the return is the redirect with the login page.

If someone could please point me in the right direction I appreciate it. What I need is to access a page from my application by using Azure Logic Apps, or any other type of script with no user interaction, which means the username and password would be stored by the script.

The furthest I was able to get to was to get an ID_TOKEN or ACCESS_TOKEN

If you get that far, then the login was definitely successful. Then I guess the rest is some issue on the client application side.

If the authentication you have in mind involves a user, and thus is not a pure machine-to-machine authentication, the resource owner password grant (ROPG) that you mention should work.

In order to tell what’s wrong, you’d definitely need to post some code snippets and detailed error logs, otherwise it’s hard to tell from the description above what’s potentially wrong.
For example,

but when I try to use them the return is the redirect with the login page.

How exactly do you use them? As Bearer token in the header? What does this request look like, and the response?

Here is what I’m doing:

POST https://my-app/oauth/token
input body:

{
grant_type=password
&client_id=Jn*******
&client_secret=**********
&username=email@****
&password=*******
}

output:

{
  "access_token": "YI**************",
  "id_token": "ey********",
  "scope": "openid profile email address phone",
  "expires_in": 86400,
  "token_type": "Bearer"
}

---------------- now I try to access a page by using the token ----------------

GET https://my-app/somepage

input header:

{
authorization=Bearer <id_token> (from above's response)
content-type=application/json
}

output:

{
    "statusCode": 302,
    "headers": {
        "Location": "https://my-app/authorize?client_id=***********&redirect_uri=https://my-app/callback&response_type=code&scope=openid%20profile%20email&code_challenge=********&code_challenge_method=S256&response_mode=form_post&nonce=************&state=*******&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0",
        "Set-Cookie": ".AspNetCore.OpenIdConnect.Nonce.C******LI=N; expires=Sun, 08 Mar 2020 20:51:51 GMT; path=/callback; secure; samesite=none; httponly,.AspNetCore.Correlation.Auth0.l2Ymz_qVDdH_2FCi7s4SAqZioXnbhawSU18zQmcp280=N; expires=Sun, 08 Mar 2020 20:51:51 GMT; path=/callback; secure; samesite=none; httponly,ARRAffinity=**********;Path=/;HttpOnly;Domain=,y-app",
        "Server": "Microsoft-IIS/10.0",
        "Request-Context": "appId=cid-v1:25ffa36c-0570-472a-a85f-0a98ea7de225",
        "X-Powered-By": "ASP.NET",
        "Date": "Sun, 08 Mar 2020 20:36:51 GMT",
        "Content-Length": "0"
    }
}

If I try to follow the “Location” returned, I get another 302 with location “my-site/account/login”. If I follow that, I end up at “my-site/authorize”, and if I follow that, I go back to “my-site/account/login”.

POST https://my-app/oauth/token

Is that your app or is that your Auth0 tenant? Otherwise a bit confused why you have a token endpoint in your app.

authorization=Bearer <id_token> (from above’s response)

Shouldn’t that be the Access Token instead of the ID token? (It usually should; ID tokens shouldn’t be used as bearer tokens. However, I don’t know what that resource server (ASP.NET backend) is expecting exactly.)
The overall architecture and the components involved (Azure Logic App, Auth0, your app), what role they play and how they interact, still aren’t very clear to me.

Yep, sorry the first domain is actually the Auth0 tenant. If I try the access token I get the same results.
I also tried the same setup in Postman, same results.

Basically I want to login remotely via a script with no user interaction, it’s a job that I want to run every night by accessing a page inside the app.

Basically I want to login remotely via a script with no user interaction, it’s a job that I want to run every night by accessing a page inside the app.

That sounds more like a case for Machine to Machine and thus Client Credentials Grant - not ROPG / Resource Owner Password Grant.

Conceptual overview of the Client Credentials Flow:

I need the login to be with username/password as my application roles are defined based on that within the application. So Client Credentials Grant wouldn’t work I believe.

I checked the logs and the authentication seems to be working with ROPG, but when I send the Bearer to access my app is where it’s not being recognized.

I send the Bearer to access my app is where it’s not being recognized

I don’t know what the app expects, that really depends on the app. It’s either in the code or in the documentation (of I guess Azure Logic App, which I’m not familiar with).

I’ll do some more digging. I’ll check if there is anything in the app code. Maybe some customized Auth0 rules could be causing an issue as well.

Since I have the same issue with Postman, I don’t think it’s Azure logic apps. I actually use logic apps to access the management API and that works fine.

You’re right, for ASP.NET Core you need to configure your startup class to be able to use tokens. Found it in the article below. Very good use case for exactly what I need (API). But it turns out that, due to the way other things work in my application, it is easier if I log in with username/password (no user interaction). I’ll open a new thread with that question and more details.
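
An added example, not part of any post in this thread: a small Python triage helper for the symptom discussed above. It inspects (without verifying) what kind of token was sent, and checks whether the response is an interactive authorization-code login redirect, which is what an endpoint protected only by cookie/OpenID Connect authentication returns, where a bearer-token API would answer 401. The function names, client ID, URLs and tokens are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlparse, parse_qs

def classify_token(token, client_id):
    """Unverified inspection: says what kind of token this is, not whether it is valid."""
    parts = token.split(".")
    if len(parts) != 3:
        return "opaque"                      # not a JWT, an API cannot validate it locally
    try:
        body = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return "opaque"
    if not isinstance(claims, dict):
        return "opaque"
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    # An ID token is addressed to the client itself; an API access token names the API.
    return "id_token" if client_id in auds else "access_token_jwt"

def is_login_challenge(status, headers):
    """True when a redirect starts an interactive authorization-code login."""
    if status not in (301, 302, 303, 307):
        return False
    query = parse_qs(urlparse(headers.get("Location", "")).query)
    return query.get("response_type") == ["code"] and "redirect_uri" in query

def diagnose(status, headers, token, client_id):
    kind = classify_token(token, client_id)
    if is_login_challenge(status, headers):
        return kind, "interactive_login_challenge"   # no bearer scheme handled the request
    if status == 401:
        return kind, "bearer_rejected"                # bearer scheme active, token refused
    return kind, "no_auth_failure_seen"

def unsigned_jwt(claims):
    """Builds a constructed, unsigned sample token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed sample data shaped like the redacted exchange in the thread.
CLIENT_ID = "example-client-id"
REDIRECT = {"Location": "https://my-app/authorize?client_id=example-client-id"
            "&redirect_uri=https://my-app/callback&response_type=code&scope=openid"}
ID_TOKEN = unsigned_jwt({"aud": CLIENT_ID, "sub": "auth0|sample"})

if __name__ == "__main__":
    print(diagnose(302, REDIRECT, ID_TOKEN, CLIENT_ID))
    print(diagnose(302, REDIRECT, "YI-opaque-sample", CLIENT_ID))
```

An "interactive_login_challenge" result for every token kind points at the application's authentication configuration rather than at the token request, which matches where the thread ends up.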