Hi, I’ve been hitting a weird error that I can easily reproduce but am struggling to understand. I have a SAML enterprise connection set up (using Okta as the IdP but via generic SAML connection). I then have a rule that copies group information from the SAML assertion into the app_metadata (because I found other posts saying top level user data set via SAML mapping was not available in Actions).
So far so good… now I also have a Post Login action that does some other logic and sets different fields in the app_metadata using the api.user.setAppMetadata interface. When this action fires and calls to set the app metadata field, I get a Failed Login. BUT, the metadata IS actually set on the user when I look in the Auth0 console. So if I attempt to log in again with the same user, it works. It appears that any time the app metadata is actually mutated by the action it causes a failure like the one below. Additionally, this only seems to happen when logging in via a SAML provider – using a Username-Password connection works just fine.
{
  "date": "2022-12-09T23:07:16.412Z",
  "type": "f",
  "description": "Internal",
  "connection": "my-okta",
  "connection_id": "XXXXXXXXX",
  "client_id": "XXXXXXXXXXX",
  "client_name": "XXXXXXX",
  "ip": "XXXXXXXXX",
  "user_agent": "Firefox 106.0.0 / Mac OS X 10.15.0",
  "details": {
    "body": {},
    "qs": {
      "state": "GpQOXh6qPpOs09bXEwNXswneZx7vCEpe"
    },
    "connection": "my-okta",
    "error": {
      "message": "Internal",
      "oauthError": "access_denied",
      "type": "oauth-authorization"
    },
    "session_id": "8T4lyni3E0zvjWyTdJEiMvkkw6sxfout",
    "stats": {
      "loginsCount": 13
    }
  },
  "hostname": "XXXXXXXXX.auth0.com",
  "user_id": "samlp|my-okta|XXXXXXXXXX",
  "user_name": "XXXXXXXXXX",
  "strategy": "samlp",
  "strategy_type": "enterprise",
  "audience": "https://XXXXXXXXXX.auth0.com/userinfo",
  "scope": [
    "openid",
    "profile",
    "email"
  ],
  "log_id": "90020221209230719264555787809657665959683577496675025042",
  "_id": "90020221209230719264555787809657665959683577496675025042",
  "isMobile": false,
  "id": "90020221209230719264555787809657665959683577496675025042"
}
Any ideas? This seems to suppress logs from the Action as well, so it’s hard to see what’s going on and I haven’t been able to find anything referring to this Internal error description.