Hey Konrad, I went back to rerun the code to get some details when I realized I had accidentally been using the same test user I’d used before while doing something else, which was the cause of the failed signup. However, even using a new user results in an error. The new user gets created successfully, but the synchronous callback to my server-side application fails. On my side, this is the internal exception:
com.auth0.IdentityVerificationException: An error occurred while exchanging the authorization code
This is the only useful information I get on that side, nothing about why the failure occurred. Unfortunately, due to the way Spring sets up its authentication interceptors ahead of time, I’m having trouble following the stack trace, but I set some breakpoints in the Auth0 code and it looks like perhaps either my security config isn’t being set up correctly, or isn’t handling the code correctly. In Auth0’s RequestProcessor a method called getVerifiedTokens is invoked right before the error, which extracts a parameter from the request called “code”, which is set to a value like this: 7nikwMeTUhUUnTvS. Just a hunch, but this seems too short to be a valid authentication code or token.
On the Auth0 side, the logs just show a failed exchange (multiple times):
{
  "date": "2020-03-07T12:35:47.823Z",
  "type": "feacft",
  "description": "Unauthorized",
  "connection_id": "",
  "client_id": "<my client id>",
  "client_name": null,
  "ip": "<my IP>",
  "user_agent": "okhttp 3.9.1 / Other 0.0.0",
  "details": {
    "code": "*************h69",
    "device_id": "v0:2bf2ed90-6370-11ea-8f23-216edf211cd7"
  },
  "hostname": "myapp.auth0.com",
  "user_id": "",
  "user_name": "",
  "auth0_client": {
    "name": "auth0-java-mvc-common",
    "env": {
      "java": "1.8"
    },
    "version": "1.2.0"
  },
  "log_id": "90020200307123552210000546592527758043317896755812499554",
  "_id": "90020200307123552210000546592527758043317896755812499554",
  "isMobile": false
}
I noticed in the log message above that the user information seems to be missing, but I’m not sure if that’s a problem or if that would explain the issue. I’ve triple-checked that my domain, clientId and clientSecret are all correct. Everything on my side is straight out of the quickstart I mentioned in my original post, with zero alterations.
Any ideas?