Signup/ login from backend API

david18 · December 31, 2020, 4:15pm

hi

I want my users to be able to sign up from my HTML form
I achieve that by seeing a request to my backend API

also can a user access_token contain the “user_metadata”: { “TaxId”:“83764876” }

I am sending on sign up ?

(my app allows password as grant type)

my API calls to https://URL/dbconnections/signup

and it works -> I am getting a valid response (user is created)

login form

I want my users to fill my HTML -> send a request to my backend

when I try to call https://URL/oauth/token from my backend

I am getting

{
“error”: “access_denied”,
“error_description”: “Unauthorized”
}

this is the request

{
“client_id”: “”,
“grant_type”: “password”,
“username”: “addggdu@gmail.com”,
“password”: “”
}

what am I doing wrong?

thanks

stephanie.chamblee · December 31, 2020, 6:33pm

Hi @david18,

Welcome to the Community!

Regarding the access_denied error, it’s possible that you need to update the authentication method within your application settings.

For public clients, “None” should be selected for the “Token Endpoint Authentication Method”:

You might also need to select a default directory for your tenant. This setting is located in the top-right dropdown menu. Click Settings and under “API Authorization Settings”, enter “Username-Password-Authentication” for Default Directory

This topic might be helpful as well:

also can a user access_token contain the “user_metadata”: { “TaxId”:“1234567” }

Yes, you can add user metadata properties to the Access Token or ID Token using Rules. You may want to be careful about adding any sensitive information within a JWT because the payload is base64 encoded and easy to decode.

Here is an example of adding custom claims to an Access Token and an ID Token:

david18 · January 2, 2021, 9:18pm

it worked adding the default_drirectory…

now i want to extract the userId (at my db) from the token when users hit my endpoint

can I dot it from req.user ?

thanks

stephanie.chamblee · January 4, 2021, 5:34pm

Glad it is working for you now!

You can use the id_token value you receive from the /OAuth/token response to get user profile information.

You can decode the token using a JWT verification library (example ID Token).

The ID token’s payload contains the sub claim, which is the token subject. The value for this claim will be <connection identifier | user ID, for example google-oauth2|123456789 or auth0|123456789

system · January 19, 2021, 5:35pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.