Isue with auth0-java calling the userinfo endpoint

a.ubels · June 13, 2017, 2:07pm

I had some previous code, however after updating to the latest Auth0 java client, I can no longer:

Do a server sided password login;
Use that to retrieve the user_metadata

The current code I am using is (in a test btw)

    AuthAPI auth0 = new AuthAPI(domain, clientId, clientSecret);

    TokenHolder tokenHolder = auth0.login(user, pass)
            .setAudience(audience)
            .execute();


    String token = tokenHolder.getAccessToken();
    UserInfo profile = auth0.userInfo(token).execute();

    System.out.println(profile.getValues().get("email"));
    System.out.println(profile.getValues().get("user_metadata"));

And the error I get at line:

    UserInfo profile = auth0.userInfo(token).execute();

Is:

   com.auth0.exception.APIException: Request failed with status code 401: invalid credentials
at com.auth0.net.CustomRequest.createResponseException(CustomRequest.java:104)
at com.auth0.net.CustomRequest.parseResponse(CustomRequest.java:57)
at com.auth0.net.BaseRequest.execute(BaseRequest.java:37)
at example.Auth0Tests.TestToken(Auth0Tests.java:89)

I can’t figure out what I need to change to get this to work… What am I doing wrong? Previously I had no issues.

jmangelo · June 13, 2017, 3:36pm

Based on the information available the likely cause is that the access token being issued is not valid to call the /userinfo endpoint. In particular, this may be due to that fact that you’re not specifying a scope parameter containing the openid value so that the request is handled in accordance to OpenID Connect.

In addition, the API associated with the audience you’re providing needs to be using RS256 as the signing algorithm. You can read more about the possible causes for the behavior you’re seeing at:

http://community.auth0.com/questions/516/httpsuserinfo-returns-401-unauthorized