Unable to password reset user in rails 7

I’m not entirely sure what’s causing Auth0 to return a failed state for our force password reset action. But it does not happen in Rails 6; my belief is that it’s a cookie size issue that leads to a missing refresh token. This is a blocker for my team. Can you review the log details to assist me? I get an error that the code is missing in the Auth0 logs through the dashboard.

SPECS
Rails 7.1.3
Node 18.20.4
Ruby 3.2.4

GET", :path => "/", :status => 302, :view_runtime => 0.0, :db_runtime => 0.0, :allocations => 194, :status_message => "Found" }
2025-01-03 08:36:12.743537 I [403564:31620] Rack -- Started -- { :method => "GET", :path => "/auth/jwt_callback?error=access_denied&error_description=managementClient.createPasswordChangeTicket%20is%20not%20a%20function", :ip => "10.10.0.10" }
2025-01-03 08:36:12.762687 D [403564:31620] PrivyAuth0::AuthController -- Processing #jwt_callback
2025-01-03 08:36:13.097172 I [403564:31620] (334.4ms) PrivyAuth0::AuthController -- Completed #jwt_callback -- { :controller => "PrivyAuth0::AuthController", :action => "jwt_callback", :params => { "error" => "access_denied", "error_description" => "managementClient.createPasswordChangeTicket is not a function" }, :format => "HTML", :method => "GET", :path => "/auth/jwt_callback", :status => 500, :view_runtime => 0.0, :db_runtime => 0.0, :exception_object => #<NoMethodError: undefined method `refresh_token' for nil:NilClass>, :allocations => 1165, :status_message => "Internal Server Error" }
2025-01-03 08:36:13.097761 F [403564:31620 deprecators.rb:86] Rails -- Exception: NoMethodError: undefined method `refresh_token' for nil:NilClass
/var/www/privvy-app-rails/releases/privvy-app-rails_20250102160249/vendor/privvy_auth0-0.3.4.1.pre/app/helpers/privvy_auth0/user_helper.rb:6:in `set_user_cookies'
/var/www/privvy-app-rails/releases/privvy-app-rails_20250102160249/vendor/privvy_auth0-0.3.4.1.pre/app/controllers/privvy_auth0/auth_controller.rb:36:in `jwt_callback'
/var/www/privvy-app-rails/shared/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.3.3/lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'
/var/www/privvy-app-rails/shared/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.3.3/lib/abstract_controller/base.rb:224:in `process_action'
/var/www/privvy-app-rails/shared/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.3.3/lib/action_controller/metal/rendering.rb:165:in `process_action'
/var/www/privvy-app-rails/shared/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.3.3/lib/abstract_controller/callbacks.rb:259:in `block in process_action'
/var/www/privvy-app-rails/shared/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.3.3/lib/active_support/callbacks.rb:121:in `block in run_callbacks'
/var/www/privvy-app-rails/shared/vendor/bundle/ruby/3.2.0/gems/react-rails-3.1.1/lib/react/rails/controller_lifecycle.rb:33:in `use_react_component_helper'
/var/www/privvy-app-rails/shared/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.3.3/lib/active_support/callbacks.rb:130:in `block in run_callbacks'

Seems that a method that was available for the Rails 6 / Node 14 env is no longer available for the Node 18 env that Rails 7 relies on. Still don’t know what should be done in this case.

{
  "date": "2025-01-03T14:19:53.677Z",
  "type": "f",
  "description": "managementClient.createPasswordChangeTicket is not a function",
  "connection": "my-api-auth0-database",
  "connection_id": "xxxx",
  "client_id": "xxxx",
  "client_name": "Javascript SPA to CPG DEV2 Federated",
  "ip": "10.10.10.10",
  "user_agent": "Chrome 131.0.0 / Mac OS X 10.15.7",
  "details": {
    "body": {},
    "qs": {
      "state": "xxxx"
    },
    "connection": "my-api-auth0-database",
    "error": {
      "message": "managementClient.createPasswordChangeTicket is not a function",
      "oauthError": "managementClient.createPasswordChangeTicket is not a function",
      "type": "access_denied"
    },
    "session_id": "xxxx",
    "actions": {
      "executions": [
        "xxxx"
      ]
    },
    "stats": {
      "loginsCount": 9
    }
  },
  "hostname": "myapi.us.auth0.com",
  "user_id": "auth0|PRIVVY-DEV2|410-222-10",
  "user_name": "410-222-10",
  "strategy": "auth0",
  "strategy_type": "database",
  "audience": "my-api-dev2",
  "scope": [
    "openid",
    "profile",
    "email",
    "offline_access"
  ],
  "$event_schema": {
    "version": "1.0.0"
  },
  "log_id": "xxxx",
  "tenant_name": "my-api-dev2",
  "_id": "xxxx",
  "isMobile": false,
  "originalData": {
    "date": "2025-01-03T14:19:53.677Z",
    "type": "f",
    "description": "managementClient.createPasswordChangeTicket is not a function",
    "connection": "my-api-auth0-database",
    "connection_id": "xxxx",
    "client_id": "xxxx",
    "client_name": "Javascript SPA to API Federated",
    "ip": "170.85.72.81",
    "user_agent": "Chrome 131.0.0 / Mac OS X 10.15.7",
    "details": {
      "body": {},
      "qs": {
        "state": "xxxx"
      },
      "connection": "my-api-to-auth0-database",
      "error": {
        "message": "managementClient.createPasswordChangeTicket is not a function",
        "oauthError": "managementClient.createPasswordChangeTicket is not a function",
        "type": "access_denied"
      },
      "session_id": "xxxx",
      "actions": {
        "executions": [
          "xxxx"
        ]
      },
      "stats": {
        "loginsCount": 9
      }
    },
    "hostname": "myhost.us.auth0.com",
    "user_id": "auth0|PRIVVY-DEV2|410-222-10",
    "user_name": "410-222-10",
    "strategy": "auth0",
    "strategy_type": "database",
    "audience": "my-api-dev2",
    "scope": [
      "openid",
      "profile",
      "email",
      "offline_access"
    ],
    "$event_schema": {
      "version": "1.0.0"
    },
    "log_id": "xxxx",
    "tenant_name": "mytenant-dev2",
    "_id": "xxxxx",
    "isMobile": false
  },
  "integrityRuleset": {},
  "id": "xxxxxx"
}

Hi @dwood1,

Can you try using managementClient.tickets.changePassword instead of managementClient.createPasswordChangeTicket? Please see updated methods here: node-auth0/v4_MIGRATION_GUIDE.md at master · auth0/node-auth0 · GitHub

Thanks,

Mary Beth

I’ll test and respond back

Greetings Mary Beth, I no longer get the missing method error with your recommendation… But I do get Invalid URL now.

const ManagementClient = require('auth0').ManagementClient;

// Requests a password change ticket for the logged-in user from the Management API,
// authenticating with the machine-to-machine credentials stored as Action secrets.
const createPasswordChangeTicket = async (event, api) => {
  const managementClient = new ManagementClient({
    clientId: event.secrets.M2M_CLIENT_ID,
    clientSecret: event.secrets.M2M_CLIENT_SECRET,
    domain: event.secrets.M2M_DOMAIN,
    scope: 'create:user_tickets',
  });

  const params = { user_id: event.user.user_id };
  const passwordChangeTicketResponse = await managementClient.tickets.changePassword(params);
  // The `ticket` property is read directly off the resolved value.
  return passwordChangeTicketResponse.ticket;
};

/**
 * Handler that will be called during the execution of a PostLogin flow.
 *
 * @param {Event} event - Details about the user and the context in which they are logging in.
 * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
 */
exports.onExecutePostLogin = async (event, api) => {
  // Debug output of the M2M client ID.
  console.log("event.secrets.M2M_CLIENT_ID");
  console.log(event.secrets.M2M_CLIENT_ID);
  if (!api.redirect.canRedirect()) return;
  if (event.user.user_metadata.force_password_change === undefined) return;
  console.log("Force password change is required");

  // Whatever createPasswordChangeTicket returns is passed to the redirect as-is.
  const ticket = await createPasswordChangeTicket(event, api);
  api.redirect.sendUserTo(ticket);
};

{
  "date": "2025-01-03T16:01:46.291Z",
  "type": "feacft",
  "description": "Missing required parameter: code",
  "connection_id": "",
  "client_id": "xxxx",
  "client_name": "Javascript SPA to PRIVVY DEV2 Federated",
  "ip": "xxxxx",
  "client_ip": "xxxx",
  "user_agent": "Other 0.0.0 / Other 0.0.0",
  "details": {
    "code": null
  },
  "hostname": "my-api-dev2.us.auth0.com",
  "user_id": "",
  "user_name": "",
  "$event_schema": {
    "version": "1.0.0"
  },
  "log_id": "xxxx",
  "tenant_name": "my-api-dev2",
  "_id": "xxxx",
  "isMobile": false,
  "originalData": {
    "date": "2025-01-03T16:01:46.291Z",
    "type": "feacft",
    "description": "Missing required parameter: code",
    "connection_id": "",
    "client_id": "xxxx",
    "client_name": "Javascript SPA to PRIVVY DEV2 Federated",
    "ip": "xxxx",
    "client_ip": "xxxx",
    "user_agent": "Other 0.0.0 / Other 0.0.0",
    "details": {
      "code": null
    },
    "hostname": "my-api-dev2.us.auth0.com",
    "user_id": "",
    "user_name": "",
    "$event_schema": {
      "version": "1.0.0"
    },
    "log_id": "xxxx",
    "tenant_name": "my-api-dev2",
    "_id": "xxxx",
    "isMobile": false
  },
  "integrityRuleset": {},
  "id": "xxxx"
}
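
Added example, not part of the thread and not Auth0's code: node-auth0 v4 Management API calls resolve to a response wrapper with the payload under `data`, so a v3-style read of `.ticket` on the resolved value yields `undefined`, which is not a valid redirect URL. The sketch below uses constructed stub clients in place of `ManagementClient`; `TENANT_HOST`, the ticket value and the helper names are assumptions, and it assumes tickets are issued on the tenant's own host.

```javascript
// Added example; stub clients and all values below are constructed, not from the thread.
const TENANT_HOST = "tenant.example.auth0.com"; // placeholder tenant host (assumption)

// Accept both return shapes: v3 resolved to the body, v4 wraps the body in `data`.
function extractTicketUrl(response) {
  const body = response && response.data !== undefined ? response.data : response;
  return body && typeof body.ticket === "string" ? body.ticket : undefined;
}

// Redirect only to an https URL on the expected tenant host; fail loudly otherwise.
function validateTicketUrl(candidate, allowedHost) {
  let url;
  try {
    url = new URL(candidate);
  } catch (err) {
    throw new Error("ticket is not a valid URL: " + String(candidate));
  }
  if (url.protocol !== "https:" || url.hostname !== allowedHost) {
    throw new Error("ticket URL rejected: " + url.origin);
  }
  return url.toString();
}

// What an Action would call before api.redirect.sendUserTo(...).
async function buildRedirect(client, userId, allowedHost) {
  const response = await client.tickets.changePassword({ user_id: userId });
  return validateTicketUrl(extractTicketUrl(response), allowedHost);
}

// Constructed stubs mimicking the v3 and v4 return shapes.
const TICKET = `https://${TENANT_HOST}/lo/reset?ticket=PLACEHOLDER`;
const v3Client = { tickets: { changePassword: async () => ({ ticket: TICKET }) } };
const v4Client = {
  tickets: { changePassword: async () => ({ data: { ticket: TICKET }, status: 201 }) },
};

async function demo() {
  const results = {};
  results.v3 = await buildRedirect(v3Client, "auth0|example", TENANT_HOST);
  results.v4 = await buildRedirect(v4Client, "auth0|example", TENANT_HOST);
  // Reading `.ticket` straight off a v4-shaped response gives undefined.
  const raw = await v4Client.tickets.changePassword({ user_id: "auth0|example" });
  results.naive = raw.ticket;
  return results;
}
```

Validating the ticket before the redirect turns a silent `undefined` into an explicit Action error that shows up in the Action Executions tab of the failing log.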

Hi @dwood1,

Thanks for your reply!

I looked at your logs for this and see that the error is coming from one of your Actions (the force password change one). You can view the Action Executions tab in the failing log to see the error. Could you kindly review this Action? Additionally, I would recommend opening up a support ticket about this new issue. Support can take a closer look at this Action and surrounding logs.

Thanks,

Mary Beth
