I have a server I’ve been experimenting with, and about a month ago, authentication within my server stopped working. I disabled all the permission checks, because I couldn’t figure out what was wrong. I get account data from auth0 correctly.
Using jwks-rsa and express-jwt, I was able at one point to pass a jwt in with my header request, and it would assign the user from auth0 into the request that would pass onto resolvers. That user is always null now, and I determined it was due to the jwt being expired, even right after getting a new session through auth0. This didn’t happen before, I had always received user and user.sub.
I noticed under the user account that was created using the client secret, that there are no authorized applications. Could this be what is causing my jwt to be constantly expired? It doesn’t seem like there is anyway to add an app to a user. Wouldn’t a user creating an account via the auth0 api have automatic permissions set by the rules?
Another thing I noticed when I ‘try’ the rules in auth0, i get the following error:
ERROR: Cannot read property ‘groups’ of undefined
My rule is the following;
function (user, context, callback) {
context.accessToken[‘https://mydomain.com/user_authorization’] = {
groups: user.app_metadata.groups,
roles: user.app_metadata.roles,
permissions: user.app_metadata.permissions
};
callback(null, user, context);
}