Invalid or malformed authorization header provided

mark.hall · November 5, 2020, 9:57am

I’ve done a social connection integration with an OAuth2.0 provider using code flow.
At the point the browser gets redirected to my callback url on my Auth0 app, I can see the following in the log, but I am not able to debug it to locate the cause (I’ve tried the Debugger extension which does not give much more information). Any ideas what the issue could be or how to find out what it could be?

{
  "date": "2020-11-05T09:23:26.160Z",
  "type": "f",
  "description": "invalid or malformed authorization header provided",
  "connection": "XXXXX",
  "connection_id": "con_xxxxx",
  "client_id": "xxxxxxx",
  "client_name": "xxxxxx",
  "ip": "2.24.127.234",
  "user_agent": "Chrome 86.0.4240 / Linux 0.0.0",
  "details": {
    "body": {},
    "qs": {
      "code": "xxxxx",
      "scope": "read:xxxx read:xxxxx read:xxxxx read:xxxxx read:xxxxx",
      "state": "xxxxx"
    },
    "connection": "XXXX",
    "error": {
      "message": "invalid or malformed authorization header provided",
      "oauthError": "invalid_request",
      "type": "request-error"
    },
    "session_id": "xxxxxx-xxxxxxx"
  },
  "hostname": "login.xxxx.org",
  "strategy": "oauth2",
  "strategy_type": "social",
  "log_id": "xxxxxxxxxx",
  "_id": "xxxxxxxxxx",
  "isMobile": false
}

mark.hall · November 5, 2020, 10:41am

I needed to specify a Custom Header (Authorization Basic) for this provider. I’ve base 64 encoded the client and secret to get it to work and it’s hard coded into the object, is it possible to pull the client id and secret from the settings and base64 encode it in ‘Custom Headers’?..