We’re using the node-auth0 package to allow our API to authenticate users with OpenID, and it works fine. However I was wondering if it was possible to request a genuine user JWT access token for our tests through node-auth0? I tried things like grantCredentialsClient and getAccessToken, but these don’t generate standard user access tokens that I can verify using the https://auth0.com/userinfo route (as that is what we’re trying to test)?
When using node-auth0, you can get access tokens using the [AuthenticationClient] (https://github.com/auth0/node-auth0#authentication-api-client) and the [ManagementClient] (https://github.com/auth0/node-auth0#management-api-client).
To call GET /userinfo endpoint, you should use the access token you got from the user’s authentication, but make sure to have the openid scope in that original authentication request.
Given the Auth0 Access Token obtained
during login, this endpoint returns a
user’s profile. This endpoint will
work only if openid was granted as a
scope for the access_token.
Thanks for your reply! Yes - that is what I was wondering - is there any way to obtain a user’s access token that I can use with the GET /userinfo via the AuthenticationClient or ManagementClient of node-auth0 (so without requiring the user to actually log in manually/separately?)
The test we’d like to run is:
- Create new user (using node-auth0)
- Obtain access token for this user
- Send access token to GET /userinfo
- Check that profile information is returned as expected
It’s just stage 2 that I can’t work out?
Is this referring to an access token I can get from AuthenticationClient or ManagementClient? It’s not clear to me how I’d get a user’s access token from these clients.
My use case is this: Like many apps we want to reduce the friction in signup, so we’d like to authenticate the user directly iff the email has not been registered before. Eg. I do not want to redirect the user to Auth0, nor perform passwordless login. Just new email address => you’re in!
Only when the user wants to login again will I send a magic link to log the user into an existing account.
It’s not clear how I would accomplish this with Auth0, as I’d be managing almost everything from my own backend. My flow is:
0. App: New user signs up with email
- My backend: Create a new user via Auth0 Management api
- My backend: Get an access token & refresh token for the user created in step 1)
- My backend: Return tokens to client
- App: User is now authenticated
Is 2) something I can accomplish with Auth0?
Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.
Wanted to reach out to know if you still require further assistance?