
Obtaining AWS Tokens to securely call AWS APIs and resources - Delegation no longer working?

delegation
tokens
aws

#1

Hi everyone,
I’m very new to Auth0 (actually stumbled across it today while reading a really good tutorial from Auth0 about how to create some AWS Lambda functions, then call them from a client AngularJS app, with all of the necessary security - Link to tutorial).

However, I get the following error when the app calls the Identity delegation endpoint in Auth0 and requests an AWS Token.

Object {error: "unauthorized_client", error_description: "Grant type 'http://auth0.com/oauth/legacy/grant-ty…/delegation/id_token' not allowed for the client.", statusCode: 403, error_uri: "https://auth0.com/docs/clients/client-grant-types"}

I think the underlying AngularJS library wrapper for the Auth0 API is using the ID TOKEN client grant type. From my reading it seems like this is no longer supported. My question is whether there is a better (supported) approach? Perhaps I should be using the AWS security service for this problem, but I'm really liking the tutorial Auth0 have put together.


#2

I’m in a similar situation and I’m having the same issue. /delegation is now deprecated, and it looks like it is disabled by default for any new users after June 8, 2017 (if I’m correctly understanding https://auth0.com/docs/api/authentication#delegation ).

I wasted hours trying to get https://github.com/auth0-samples/auth0-s3-sample to work properly since it’s referenced in so many places in the docs - I haven’t yet found a way to obtain 3rd party API tokens.

If there’s no other workaround, is there a way to manually enable /delegation ?


#4

I also wasted hours trying to get the example to work. I created a support ticket a few days ago asking if there was a way to achieve the functionality described here https://auth0.com/docs/integrations/aws#obtain-aws-tokens-to-securely-call-aws-apis-and-resources, but I haven’t gotten an answer.
Were you able to come up with a solution?


#5

Unfortunately not - I’ve had to move on to exploring different services.


#6

Sorry to say that I’ve not progressed very far on this either. I’m now looking at other services that offer better integration with AWS APIs (or, at least working examples). I’ll post back if anything looks promising.


#7

I have the same issue. Now that the GitHub sample was removed, I feel like there will be no real progress on that.


#8

In the near future we’ll be releasing a new feature, third-party APIs, that will address this. We don’t have a timeline for this yet, and unfortunately there isn’t an alternative solution for the meantime.

