I have an unknown client ID making API requests to my Auth0 audience

I have an unknown, strange client ID making API requests to my Auth0 domain/audience.

On my site, I have a tab named Users. When you click on Users, you are supposed to get a list of registered users from Auth0, but the page just tries to load and gives error 500. In Auth0, the error below is seen. I have been trying to search for where the client ID in the error message is coming from but can't seem to figure it out.
{
"date": "2023-04-05T09:55:23.274Z",
"type": "feccft",
"description": "Unauthorized",
"connection_id": "",
"client_id": "ynxxxh9TxxxxxxxxxxxxxxxxxxxC", (not present in any of my tenants)
"client_name": null,
"ip": "x.x.x.x",
"user_agent": "Other 0.0.0 / Other 0.0.0",
"hostname": ".eu.auth0.com",
"user_id": "",
"user_name": "",
"audience": "https://.eu.auth0.com/api/v2/",
"scope": null,
"log_id": "9002023036911797412",
"_id": "9002023036911797412",
"isMobile": false,
"id": "9002023036911797412"
}

From the browser, directly accessing the function URL, I get "invalid JWT token", but this could be because I didn't make the request directly from the site.

Hi @helpdesk,

Thanks for reaching out to the Auth0 Community!

I understand you have observed an unrecognizable client ID making an API request to your Auth0 Domain and Audience.

First, could you please clarify if you recognize the IP address of the request when checking the logs?

And could you please capture a HAR file of the login transaction leading up to clicking the user’s tab for me to investigate the issue further?

In the meantime, I recommend checking out our Call Your API Using the Authorization Code Flow documentation on making a login request to get an access token in the context of your API.

I look forward to your update.

Thanks,
Rueben

Hi Rueben,

The IP address in the log I shared isn't from my local machine nor from the site. Searching online for the source, it appears to be an IP Auth0 uses to make external requests emanating from Auth0 (the IP address hostname is <>-<>.outbound.auth0user.net).

I have attached a sample har file and removed some sensitive information from it.
sampleharfile.har (41.0 KB)


Hi @helpdesk,

Thank you for your response.

I have just tried to read your HAR file but encountered the following error:
image

Because of this, could you please retry capturing the login events in a HAR file and send it to me as a direct message?

This way, the information is not public and I can look into the details.

I look forward to your update.

Thanks,
Rueben

Hi Rueben, I will share another HAR file with you. In the meantime, I was trying out some API calls and I observed that I am getting that unknown client ID each time. I also get the error below.

curl --request GET --url 'https://.eu.webtask.run/adf6e2f2b84784b57522e3b19dfc9201/api/groups/5a4449a6-4c7f-4de4-9b93-169dbea2bd6b/members' --header 'Authorization: Bearer {access-token}'

{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred"}

Also, in the Auth0 log, I get:

{
"date": "2023-04-19T03:14:46.235Z",
"type": "feccft",
"description": "Unauthorized",
"connection_id": "",
"client_id": "ynAph9TlV9bxAGxJ7cKy445hsUDQS2CC",
"client_name": null,
"ip": "51.x.x.x",
"user_agent": "Other 0.0.0 / Other 0.0.0",
"hostname": ".eu.auth0.com",
"user_id": "",
"user_name": "",
"audience": "https://.eu.auth0.com/api/v2/",

ADDITIONAL LOG:

4:56:44 AM:
2023-04-19T03:56:44.697Z - info: > WT_URL: https://peu2-webtask-router-eu-west-1.peu2.webtask.run/api/run/{tenant-name}/adf6e2f2b84784b57522e3b19dfc9201
2023-04-19T03:56:44.698Z - info: > PUBLIC_WT_URL: https://{tenant-name}.eu.webtask.run/adf6e2f2b84784b57522e3b19dfc9201
4:56:45 AM:
2023-04-19T03:56:45.060Z - info: Initializing the S3 Storage Context.
4:56:45 AM:
230419/035645.164, [log,info] data: Hapi initialization completed.
4:56:45 AM:
(node:17) [DEP0022] DeprecationWarning: os.tmpDir() is deprecated. Use os.tmpdir() instead.
4:56:45 AM:
2023-04-19T03:56:45.372Z - error: Invalid credentials for ynAph9TlV9bxAGxJ7cKy445hsUDQS2CC
4:56:45 AM:
230419/035645.373, [log,error] data: Request: GET /api/groups/f8ee648f-5eba-467a-8c33-d0fbb7c2fe56/roles/nested
4:56:45 AM:
230419/035645.373, [log,error] data: Response: {
"name": "ManagementApiError",
"code": "unauthorized",
"message": "Invalid credentials for ynAph9TlV9bxAGxJ7cKy445hsUDQS2CC",
"status": 401,
"isBoom": true,
"isServer": true,
"data": null,
"output": {
"statusCode": 500,
"payload": {
"statusCode": 500,
"error": "Internal Server Error",
"message": "An internal server error occurred"
},
"headers": {}
}
}
4:56:45 AM:
finished webtask request
4:56:45 AM:
230419/035645.167, [error] message: Invalid credentials for ynAph9TlV9bxAGxJ7cKy445hsUDQS2CC stack: ManagementApiError: Invalid credentials for ynAph9TlV9bxAGxJ7cKy445hsUDQS2CC
at /data/_verquire/_node12/auth0-extension-hapi-tools/1.0.0/node_modules/auth0-extension-tools/src/auth0/managementApi.js:24:25
at Request.callback (/data/_verquire/_node12/auth0-extension-hapi-tools/1.0.0/node_modules/superagent/lib/node/index.js:715:3)
at /data/_verquire/_node12/auth0-extension-hapi-tools/1.0.0/node_modules/superagent/lib/node/index.js:903:18
at IncomingMessage.<anonymous> (/data/_verquire/_node12/auth0-extension-hapi-tools/1.0.0/node_modules/superagent/lib/node/parsers/json.js:19:7)
at IncomingMessage.emit (events.js:326:22)
at IncomingMessage.EventEmitter.emit (domain.js:506:15)
at endReadableNT (_stream_readable.js:1241:12)
at processTicksAndRejections (internal/process/task_queues.js:84:21)
230419/035645.167, [response] http://localhost:3000: get /api/groups/f8ee648f-5eba-467a-8c33-d0fbb7c2fe56/roles/nested {} 500 (212ms)
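A triage sketch for the situation in this thread, added here as an example and not part of any poster's message or of Auth0's code: it groups `feccft` (failed client-credentials exchange) tenant log events by `client_id` and marks the IDs that are missing from a client inventory you supply. The inventory, tenant name, client IDs, client name and IPs are constructed placeholders; the field names are the ones visible in the log entries above.

```javascript
// Added example. Every ID, IP and tenant name here is a constructed placeholder.
const KNOWN_CLIENT_IDS = new Set(["knownAppClientId0000000000000001"]); // hypothetical inventory

// Constructed events using the field names visible in the thread's log entries.
const SAMPLE_EVENTS = [
  { date: "2023-04-19T03:14:46.235Z", type: "feccft", client_id: "unknownClientId00000000000000001",
    client_name: null, ip: "203.0.113.10", audience: "https://example-tenant.eu.auth0.com/api/v2/" },
  { date: "2023-04-05T09:55:23.274Z", type: "feccft", client_id: "unknownClientId00000000000000001",
    client_name: null, ip: "203.0.113.10", audience: "https://example-tenant.eu.auth0.com/api/v2/" },
  { date: "2023-04-19T03:20:00.000Z", type: "feccft", client_id: "knownAppClientId0000000000000001",
    client_name: "Users page backend", ip: "198.51.100.7", audience: "https://api.example.test/" },
  { date: "2023-04-19T03:21:00.000Z", type: "seccft", client_id: "knownAppClientId0000000000000001",
    client_name: "Users page backend", ip: "198.51.100.7", audience: "https://api.example.test/" },
];

// Group failed client-credentials exchanges (type "feccft") by client_id and
// mark the IDs that are absent from the supplied inventory.
function triageFailedExchanges(events, knownClientIds) {
  const byClient = new Map();
  for (const ev of events) {
    if (ev.type !== "feccft") continue;
    const id = ev.client_id || "(missing)";
    if (!byClient.has(id)) {
      byClient.set(id, { clientId: id, known: knownClientIds.has(id), count: 0,
        ips: new Set(), audiences: new Set(), firstSeen: ev.date, lastSeen: ev.date });
    }
    const row = byClient.get(id);
    row.count += 1;
    if (ev.ip) row.ips.add(ev.ip);
    if (ev.audience) row.audiences.add(ev.audience);
    // ISO-8601 UTC timestamps of equal precision sort correctly as strings.
    if (ev.date < row.firstSeen) row.firstSeen = ev.date;
    if (ev.date > row.lastSeen) row.lastSeen = ev.date;
  }
  return [...byClient.values()]
    .map((r) => ({ ...r, ips: [...r.ips].sort(), audiences: [...r.audiences].sort(),
      // The Management API audience in the thread ends in /api/v2/.
      targetsManagementApi: [...r.audiences].some((a) => a.endsWith("/api/v2/")) }))
    .sort((a, b) => Number(a.known) - Number(b.known) || b.count - a.count);
}

for (const r of triageFailedExchanges(SAMPLE_EVENTS, KNOWN_CLIENT_IDS)) {
  console.log(`${r.known ? "known  " : "UNKNOWN"} ${r.clientId} failures=${r.count} ` +
    `ips=${r.ips.join(",")} mgmtApi=${r.targetsManagementApi} ${r.firstSeen}..${r.lastSeen}`);
}
```

Unknown IDs sort first, so a client that repeatedly fails against the Management API audience, as in the logs above, is the first row to investigate.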