Sign token with RS256 in auth0 rules

Kamczii · April 9, 2019, 9:09am

My login flow for first time users looks like this:

User clicks login button on my Angular page and it redirects him to auth0 login page
2.Then he sign ups for the first time
3.My rules checks if he is first time user and if true redirects him to my angular page /register where i want to add some logic to add this user to my custom DB.
4.Then user should go back to auth0 login flow and repeat all rules again.

The problem is im getting this error in my url:

http://localhost:4200/callback#error=access_denied&error_description=error:0906D06C:PEM%20routines:PEM_read_bio:no%20start%20line&state=1ab01wks-UUYE_Fq5mcEGnv-6ocMYo-z

This is my rule for doing this:

function(user, context, callback) {
  if (context.protocol !== "redirect-callback") {
    if (context.stats.loginsCount === 1) {
      function createToken(clientId, clientSecret, issuer, user) {
        var options = {
          expiresInMinutes: 5,
          audience: clientId,
          issuer: issuer,
          algorithm: 'RS256'
        };
        return jwt.sign(user, clientSecret, options);
      }
      var token = createToken(
        configuration.CLIENT_ID,
        configuration.CLIENT_SECRET,
        configuration.ISSUER, {
          sub: user.user_id,
          email: user.email,
          scope: 'openid'
        }
      );
      
      context.redirect = {
        url: "http://localhost:4200/register?token=" + token
      };
      return callback(null, user, context);
    }
    return callback(null, user, context);
  }  else {
    function verifyToken(clientId, clientSecret, issuer, token, cb) {
      jwt.verify(
        token,
        clientSecret, {
          audience: clientId,
          issuer: issuer
        },
        cb
      );
    }
    function postVerify(err, decoded) {
        return callback(null, user, context);
    }
    verifyToken(
      configuration.CLIENT_ID,
      configuration.CLIENT_SECRET,
      configuration.ISSUER,
      context.request.query.token,
      postVerify
    );
  }
}

And my redirect components.ts

export class RegisterComponent implements OnInit {
  token: string;
  profile: any;
  constructor(private http: HttpClient,private activatedRoute: ActivatedRoute, private auth: AuthService) {
  }

  ngOnInit() {
    this.activatedRoute.queryParams.subscribe(params => {
      const token = params['token']
      const state = params['state'];
      console.log(token);
      const headers = new HttpHeaders({
        'Authorization': 'Bearer '+token
      });
      this.http.get('https://'+environment.domain+'/userinfo', {headers: headers}).subscribe((data: any) => {
      this.profile = data;
      console.log(this.profile);
    });
      }
    );
  }

}

I think the problem is in my rule where im signing token. I dont know what exactly should be private key and if i doing signing token at all.

konrad.sopala · September 2, 2019, 8:54am

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?