Issue with Auth0 Vault Creation

There seems to be an issue when creating a vault connection. I get the following error in both the UI and when I try to hit the management API directly to create a new Auth0 vault connection.

{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "Payload validation error: 'None of the valid schemas were met' on property setup (Flows Vault Connection configuration). Inner errors: [ Payload validation error: 'Additional properties not allowed: client_secret,client_id,domain' on property setup ({description}). (also) Payload validation error: 'Object didn't pass validation for format hostname: {redacted}' on property setup.domain. (also) Payload validation error: 'Invalid value \"OAUTH_APP\"' on property setup.type. (also) Payload validation error: 'Missing required property: algorithm' on property setup. ].",
  
}

I give all valid inputs and the app I am creating has the management API authorized and I even gave it all scopes to ensure that it wasn’t the issue.

What am I doing wrong?

Edit:

I went into the devtools and from the network tool I copied the request as a cURL. Here it is (well most of it other than sensitive info I redacted):

curl 'https://forms.auth0.com/api/us/{redacted}/flows/vault/connections/{redacted}' \
  -X 'PATCH' \
  -H 'accept: application/json' \
  -H 'accept-language: en-US,en;q=0.9' \
  -H 'auth0-forms-accept-casing: snake' \
  -H 'auth0-forms-csrf-token: {redacted}' \
  -H 'auth0-forms-frontend-version: 1.712.0' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -H 'origin: https://forms.auth0.com' \
  -H 'pragma: no-cache' \
  -H 'priority: u=1, i' \
  -H 'referer: https://forms.auth0.com/tenants/us/{redacted}/vault/apps/AUTH0/edit' \
  -H 'sec-ch-ua: "Not A(Brand";v="8", "Chromium";v="132", "Google Chrome";v="132"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"' \
  -H 'sec-fetch-dest: empty' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: same-origin' \
 \
  --data-raw '{"name":"Auth0Test","setup":{"domain":"{redacted}","client_id":"{redacted}}","client_secret":"{redacted}}","type":"OAUTH_APP"}}'

Hi @jnieto

Welcome back to the Auth0 Community!

The cURL request that you have posted does not seem to match the one in our documentation.
Could you please review the documentation regarding Creating a Flows Vault Connection?

Kind Regards,
Nik

Hi @nik.baleca,

Thank you for the response. That cURL is actually taken directly from the network tab when I use the Auth0 UI in the https://forms.auth0.com/tenants/us/{tenant-name}/vault/apps/AUTH0/edit. So this is exactly what the UI does today.

What’s also interesting is when I go to the documentation page and use the API explorer with the default body (but only the AUTH0 vault) I get an error on the default request body provided by auth0:

Request Body:


[ {
  "app_id": "AUTH0",
  "setup": {
    "type": "OAUTH_APP",
    "client_id": "{redacted}",
    "client_secret": "{redacted}",
    "domain": "{redacted}"
  }
} ]

Response

{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "Payload validation error: 'Expected type object but found type array'.",
  "errorCode": "invalid_body"
}

I thought this was odd since the default payload is wrapped in a list, but from the error message I removed the outer list and I still get the following error:

{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "Payload validation error: 'Missing required property: name'.",
  "errorCode": "invalid_body"
}

I then followed the error message and added a parameter name.

Interestingly enough, this actually gets us a request body that looks to be the same one in the cURL I originally sent.

--data-raw '{"name":"Auth0Test","setup":{"domain":"{redacted}","client_id":"{redacted}}","client_secret":"{redacted}}","type":"OAUTH_APP"}}'

Sending this request body, I get this:

Request Body:


{
  "name": "Test",
  "app_id": "AUTH0",
  "setup": {
    "type": "OAUTH_APP",
    "client_id": "{redacted}",
    "client_secret": "{redacted}",
    "domain": "{redacted}"
  }
} 

{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "Payload validation error: 'None of the valid schemas were met'. Inner errors: [ Payload validation error: 'Invalid value \"AUTH0\"' on property app_id. (also) Payload validation error: 'None of the valid schemas were met' on property setup ({description}). Inner errors: [ Payload validation error: 'Additional properties not allowed: domain,client_secret,client_id' on property setup ({description}). ]. (also) Payload validation error: 'None of the valid schemas were met' on property setup ({description}). Inner errors: [ Payload validation error: 'Object didn't pass validation for format hostname: {redacted}' on property setup.domain. ]. (also) Payload validation error: 'None of the valid schemas were met' on property setup ({description}). Inner errors: [ Payload validation error: 'Invalid value \"OAUTH_APP\"' on property setup.type. ]. (also) Payload validation error: 'None of the valid schemas were met' on property setup ({description}). Inner errors: [ Payload validation error: 'Additional properties not allowed: domain,client_secret,client_id' on property setup ({description}). (also) Payload validation error: 'Invalid value \"OAUTH_APP\"' on property setup.type. ]. (also) Payload validation error: 'None of the valid schemas were met' on property setup ({description}). Inner errors: [ Payload validation error: 'Missing required property: algorithm' on property setup. ]. ].",
  "errorCode": "invalid_body"
}

Which is the same as the error message I see in the network tab when I use the UI to create the vault.

So I actually think there are a few issues wrong.

  1. I think the documentation you linked is not updated and incorrect.
  2. The UI is either broken or the endpoint that the UI calls is broken.

Thank you for the help,
Jake
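
Added example, not part of the thread and not Auth0 code: the nested 400 message quoted in the post above is hard to read as a single line, so this Python sketch splits it into one group of errors per "Inner errors: [ ... ]" block. The sample message is constructed from the shape of the response shown above (shortened), and the function names are hypothetical.

```python
import json
import re

WRAPPER = "None of the valid schemas were met"
TOKEN = re.compile(
    r"Payload validation error: '(?P<msg>.*?)'(?= on property|\.)"
    r"(?: on property (?P<prop>\w+(?:\.\w+)*))?"
    r"|(?P<open>\[)|(?P<close>\])"
)

# Constructed sample: same shape as the response in the thread, shortened.
_W = "Payload validation error: 'None of the valid schemas were met'"
_S = " on property setup ({description}). Inner errors: [ Payload validation error: "
SAMPLE_MESSAGE = (
    _W + ". Inner errors: [ Payload validation error: "
    "'Invalid value \"AUTH0\"' on property app_id. (also) "
    + _W + _S + "'Additional properties not allowed: domain,client_secret,client_id'"
    " on property setup ({description}). ]. (also) "
    + _W + _S + "'Object didn't pass validation for format hostname: {redacted}'"
    " on property setup.domain. ]. (also) "
    + _W + _S + "'Missing required property: algorithm' on property setup. ]. ]."
)


def group_errors(message):
    """Return one list of (error, property) pairs per 'Inner errors: [ ... ]' block."""
    root = []  # leaf errors that sit outside any bracket
    groups, stack = [root], [root]
    for tok in TOKEN.finditer(message):
        if tok.group("open"):
            stack.append([])
            groups.append(stack[-1])
        elif tok.group("close"):
            if len(stack) > 1:
                stack.pop()
        elif tok.group("msg") != WRAPPER:  # wrappers only announce a nested block
            stack[-1].append((tok.group("msg"), tok.group("prop")))
    return [g for g in groups if g]


def groups_from_body(body):
    """Decode the JSON error body and group its 'message' field."""
    return group_errors(json.loads(body)["message"])


if __name__ == "__main__":
    body = json.dumps({"statusCode": 400, "message": SAMPLE_MESSAGE})
    for i, group in enumerate(groups_from_body(body), 1):
        for msg, prop in group:
            print(f"block {i}: {prop or '(body)'}: {msg}")
```

Each printed block lists the complaints from one bracketed section of the message, so the `app_id`, `setup` and `setup.domain` failures can be read separately.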

Hi again,

I have tested it out on my end and it seems that I am receiving the same error, I will look further into this and get back to you as soon as possible regarding the matter!

Kind Regards,
Nik

Hi again @jnieto

I have identified the issue.

It appears that the request body needs to look something like this:

{
    "app_id": "AUTH0",
    "name": "test",
    "setup": {
      "type": "OAUTH_APP",
      "client_id": "{M2M_client_id}",
      "client_secret": "{M2M_client_secret}",
      "domain": "{AUTH0_Domain}"
    }
}

The cURL request will look something like this:

curl -L 'https://{AUTH0_DOMAIN}/api/v2/flows/vault/connections' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {API_TOKEN}' \
-d '{"app_id":"AUTH0","name":"test","setup":{"type":"OAUTH_APP","client_id":"M2M_client_id","client_secret":"M2M_client_secret","domain":"AUTH0_Domain"}}'

The documentation appears to first provide the list of apps encapsulated in an array just as you have mentioned ( [ ] brackets) and it appears to be missing the name parameter which is required.
I have tested it on my end and it has indeed created a vault connection with the name “test”.

I will reach out internally regarding the documentation.

Otherwise, I would recommend to double check the client_id, domain and client_secret you are passing in for the request. I used the ones from API explorer Application which uses the Management API.

Hope this helps!

Kind Regards,
Nik

Hi @nik.baleca

Thank you again for the reply.

Even with the changes you recommended, the API still gives me the same 400 error. I double checked and made sure to use the credentials from the Management API Explorer as well.

Request:

curl -L 'https://{domain-redacted}/api/v2/flows/vault/connections' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {token-redacted}' \
-d '{"app_id":"AUTH0","name":"test","setup":{"type":"OAUTH_APP","client_id":"{redacted}","client_secret":"{redacted}","domain":"{redacted}"}}'

Response:

{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "Payload validation error: 'None of the valid schemas were met'. Inner errors: [ Payload validation error: 'Invalid value \"AUTH0\"' on property app_id. (also) Payload validation error: 'None of the valid schemas were met' on property setup ({description}). Inner errors: [ Payload validation error: 'Additional properties not allowed: domain,client_secret,client_id' on property setup ({description}). ]. (also) Payload validation error: 'None of the valid schemas were met' on property setup ({description}). Inner errors: [ Payload validation error: 'Object didn't pass validation for format hostname: {domain-redacted}' on property setup.domain. ]. (also) Payload validation error: 'None of the valid schemas were met' on property setup ({description}). Inner errors: [ Payload validation error: 'Invalid value \"OAUTH_APP\"' on property setup.type. ]. (also) Payload validation error: 'None of the valid schemas were met' on property setup ({description}). Inner errors: [ Payload validation error: 'Additional properties not allowed: domain,client_secret,client_id' on property setup ({description}). (also) Payload validation error: 'Invalid value \"OAUTH_APP\"' on property setup.type. ]. (also) Payload validation error: 'None of the valid schemas were met' on property setup ({description}). Inner errors: [ Payload validation error: 'Missing required property: algorithm' on property setup. ]. ].",
  "errorCode": "invalid_body"
}

Not sure how to proceed.

Thanks,
Jake

Hi @jnieto

That is indeed weird, could you please send me a DM with the tenant name where you are experiencing these issues so I can take a look?

Kind Regards,
Nik