Log malformed - duplicate entries

Problem statement

We set up a custom Auth0 webhook to deliver Auth0 events and get the following malformed events:

{
  "date": "2023-06-30T17:18:54.096Z",
  "type": "f",
  "description": "Invalid parameter: client_id must be a string",
  "connection": [
    "ec71491d-a935-49df-b4b9-2a8f160a05e6https://login.confluent.io/oauth/authorize?response_type=code",
    "ec71491d-a935-49df-b4b9-2a8f160a05e6"
  ],
  "connection_id": "",
  "client_id": [
    "oX2nvSKl5jvBKVgwehZfvR4K8RhsZIEs",
    "oX2nvSKl5jvBKVgwehZfvR4K8RhsZIEs"
  ],
  "ip": "136.226.74.165",
  "user_agent": "Chrome 114.0.0 / Windows 10.0.0",
  "details": {
    "body": {},
    "qs": {
      "response_type": "code",
      "code_challenge": [
        "6qOThJ9E0NqCud-MIhxEeRBqx-YLMI1pOsjJHUeyENQ",
        "6qOThJ9E0NqCud-MIhxEeRBqx-YLMI1pOsjJHUeyENQ"
      ],
      "code_challenge_method": [
        "S256",
        "S256"
      ],
      "client_id": [
        "oX2nvSKl5jvBKVgwehZfvR4K8RhsZIEs",
        "oX2nvSKl5jvBKVgwehZfvR4K8RhsZIEs"
      ],
      "redirect_uri": [
        "https://confluent.cloud/cli_callback",
        "https://confluent.cloud/cli_callback"
      ],
      "scope": [
        "email openid offline_access",
        "email openid offline_access"
      ],
      "state": [
        "7ezNTNvrzXvMve72C__FJY40wG1zjwoAJ9UeFsOUuVA",
        "7ezNTNvrzXvMve72C__FJY40wG1zjwoAJ9UeFsOUuVA"
      ],
      "audience": [
        "https://confluent.auth0.com/api/v2/",
        "https://confluent.auth0.com/api/v2/"
      ],
      "connection": [
        "ec71491d-a935-49df-b4b9-2a8f160a05e6https://login.confluent.io/oauth/authorize?response_type=code",
        "ec71491d-a935-49df-b4b9-2a8f160a05e6"
      ]
    },
    "connection": [
      "ec71491d-a935-49df-b4b9-2a8f160a05e6https://login.confluent.io/oauth/authorize?response_type=code",
      "ec71491d-a935-49df-b4b9-2a8f160a05e6"
    ],
    "error": {
      "message": "Invalid parameter: client_id must be a string",
      "oauthError": "invalid_request",
      "type": "request-error"
    }
  },
  "hostname": "login.confluent.io",
  "log_id": "90020230630171858891647000000000000001223372052365767853",
  "_id": "90020230630171858891647000000000000001223372052365767853",
  "isMobile": false,
  "id": "90020230630171858891647000000000000001223372052365767853"
}

Symptoms

  • A malformed tenant log event of type f is reported; it shows duplicate entries.

Cause

  • The request appends another ‘/authorize’ URL along with the ‘connection’ parameter.

For example:

https://{{YOUR_DOMAIN}}/oauth/authorize?response_type=code&
code_challenge_method=S256&
client_id=V7nSsIebTRMVFafe7OIMS0qaUyl7T4jA&
redirect_uri=https://example-app.com/redirect&
scope=email%20openid%20offline_access&
audience=https://api.example.com&
connection=Username-Password-Authenticationhttps://https://{{YOUR_DOMAIN}}/oauth/authorize?response_type=code&
code_challenge_method=S256&
client_id=V7nSsIebTRMVFafe7OIMS0qaUyl7T4jA&
redirect_uri=https://example-app.com/redirect&
scope=email%20openid%20offline_access&
audience=https://api.example.com&
connection=Username-Password-Authentication

The resulting log entry:

{
  "body": {},
  "qs": {
    "response_type": "code",
    "code_challenge_method": [
      "S256",
      "S256"
    ],
    "client_id": [
      "V7nSsIebTRMVFafe7OIMS0qaUyl7T4jA",
      "V7nSsIebTRMVFafe7OIMS0qaUyl7T4jA"
    ],
    "redirect_uri": [
      "https://example-app.com/redirect",
      "https://example-app.com/redirect"
    ],
    "scope": [
      "email openid offline_access",
      "email openid offline_access"
    ],
    "audience": [
      "https://api.example.com",
      "https://api.example.com"
    ],
    "connection": [
      "Username-Password-Authenticationhttps://https://{{YOUR_DOMAIN}}/oauth/authorize?response_type=code",
      "Username-Password-Authentication"
    ]
  },
  "connection": [
    "Username-Password-Authenticationhttps://https://{{YOUR_DOMAIN}}/oauth/authorize?response_type=code",
    "Username-Password-Authentication"
  ],
  "error": {
    "message": "Invalid parameter: client_id must be a string",
    "oauthError": "invalid_request",
    "type": "request-error"
  }
}

Solution

We recommend that you ensure the /authorize request does not append duplicate parameters.
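
The following added example (not part of the original article and not Auth0 code) reproduces the shape of the "qs" object above from a doubled request and checks an /authorize URL for repeated parameters before it is sent. The domain login.example.com, the function names and the sample URLs are assumptions constructed for illustration. It also shows why response_type stays a single string: the second copy is absorbed into the first connection value.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample mirroring the article's example request.
# login.example.com is a placeholder domain (assumption).
_PARAMS = (
    "code_challenge_method=S256"
    "&client_id=V7nSsIebTRMVFafe7OIMS0qaUyl7T4jA"
    "&redirect_uri=https://example-app.com/redirect"
    "&scope=email%20openid%20offline_access"
    "&audience=https://api.example.com"
    "&connection=Username-Password-Authentication"
)
GOOD_URL = "https://login.example.com/oauth/authorize?response_type=code&" + _PARAMS
BAD_URL = GOOD_URL + GOOD_URL  # the whole request appended to itself


def group_query(url):
    """Group query parameters the way the log's "qs" object shows them:
    a key sent once stays a string, a repeated key becomes a list."""
    grouped = {}
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if key in grouped:
            prev = grouped[key]
            grouped[key] = prev + [value] if isinstance(prev, list) else [prev, value]
        else:
            grouped[key] = value
    return grouped


def check_authorize_url(url):
    """Return the problems that would lead to the malformed log entry.
    The "URL appended" test is a heuristic: a value that contains a
    scheme separator but does not itself start with http(s)://."""
    problems = []
    for key, value in group_query(url).items():
        values = value if isinstance(value, list) else [value]
        if len(values) > 1:
            problems.append(f"{key}: sent {len(values)} times")
        if any("://" in v and not v.startswith(("http://", "https://")) for v in values):
            problems.append(f"{key}: value has a URL appended to it")
    return problems


if __name__ == "__main__":
    for problem in check_authorize_url(BAD_URL):
        print(problem)
```
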