Urgent: Figma social connection is broken

Figma is making changes to their API.
https://www.figma.com/developers/api#oauth_migration_guide

There is currently a brownout period to test if your API will break starting on the 24th of February 2025.

Considering my Figma login no longer works today during the 24hour brownout period test. I assume you haven’t updated the Figma social connection yet.

May i kindly ask you to URGENTLY fix this Auth0 managed social connection?

Here is proof showing it MUST be this issue. The problems started exactly during the 18:00 UTC brownout starting time.

Hi @developer12

Thank you for the update. I’ll inform the team about the changes in Figma and let you know about the update. In the meantime as a fast work-around - you can setup custom OAuth 2.0 connection to Figma, by following this guide: Connect Apps to Generic OAuth2 Authorization Servers
This way you’ll have control over all integration parameters.

Thanks
Dawid

How is that a fix?
The custom social connection will have a different name, meaning the same Figma users will get a different userId in Auth0 (it appears auth0 prefixes user_id with oauth|connectionName|…

I can’t delete the existing connection to reuse its name cause deleting a connection will delete all of its users…

My production app has been unusable for more than 24hours now

@dawid.matuszczyk I’m an engineer at Figma and am happy to support the Auth0 team to perform this migration. By our metrics, there are a few thousand Figma users who have authorized apps that use Auth0’s Figma integration, and their experience may be affected by a failure to migrate.

Please let me know if there’s a direct way to contact the maintainers of your Figma integration. You can also contact me using the email address associated with this support account. Thank you!

I’ve also tried reaching out to Auth0 via the “Talk to an engineer” option in the Contact Us page.

I’ll continue looking for ways to get a hold of Auth0 support…I don’t have access to a paid Auth0 account, which seems to prevent me from opening a support ticket. If there are folks affected by this issue who are able to open tickets, please direct them to this forum post. Thanks all!

Hi @jefflee-figma,

I’ve contacted our team about the process in such a situation; I will contact you as soon as I have more details from the Product Team.

Thanks!
Dawid

I don’t understand why this is indicated as a solution.
As i said:

How is that a fix?
The custom social connection will have a different name, meaning the same Figma users will get a different userId in Auth0 (it appears auth0 prefixes user_id with oauth|connectionName|…

I appreciate the Figma engineers bumping this topic. I have paying users for our Saas tool who will lose their access unless this is fixed

Hi @developer12

I’m working with the team to adjust this connection before sunset. I will update you as soon as I have more insight into this topic.

Thanks
Dawid

5 days left until my production SaaS platform becomes unusable due to this issue…
Any status update?

Use a managed authentication service they said, they will handle everything for you… regretting using Auth0 now big time.

Hi @developer12,

Our Engineering team is actively working on the connection with Figma to align with changes before sunset. I appreciate your patience, and I assure you that our team is doing its best to ship this update before Feb 24th.

Thanks
Dawid

Thank you @jefflee-figma for additional support on this.

@developer12 - We are actively fixing this for net-new connections such that they are not impacted by this. For your existing connection, you can update the tokenUrl using the management API.

To update your tokenUrl for your Figma connection:

  1. Call GET Connections or if you know the connection id, you can call GET Connection by Id. The Id is available in your Admin Dashboard in the connection settings.
  2. In the response, copy the options object from the figma connection. This will be used in the update request.
    Example options object:
    "options": {
        "scope": "file_read",
        "scripts": {
            "fetchUserProfile": "function fetchUserProfile(accessToken, context, callback) {\n  request.get({\n    url: 'https://api.figma.com/v1/me',\n    headers: {\n      'Authorization': 'Bearer ' + accessToken,\n    }\n  },\n  (err, resp, body) => {\n    if (err) {\n      return callback(err);\n    }\n\n    if (resp.statusCode !== 200) {\n      return callback(new Error(`[Response code: ${resp.statusCode}] ${body}`));\n    }\n\n    let bodyParsed;\n    try {\n      bodyParsed = JSON.parse(body);\n    } catch (jsonError) {\n      return callback(new Error(body));\n    }\n\n    bodyParsed.user_id = bodyParsed.id;\n    bodyParsed.name = bodyParsed.handle;\n    return callback(null, bodyParsed);\n  });\n}"
        },
        "icon_url": "https://cdn.auth0.com/marketplace/catalog/content/assets/creators/figma/figma-avatar.png",
        "tokenURL": "https://www.figma.com/api/oauth/token",
        "client_id": "fake_client_id_n4GP6UrdX2P",
        "client_secret": "fake_client_secret_63ScVTzmxWt3",
        "authorizationURL": "https://www.figma.com/oauth",
        "integration_name": "figma"
    }
  1. In the options object, change the tokenURL value to: https://api.figma.com/v1/oauth/token
    Example updated options object:
    Example options object:
    "options": {
        "scope": "file_read",
        "scripts": {
            "fetchUserProfile": "function fetchUserProfile(accessToken, context, callback) {\n  request.get({\n    url: 'https://api.figma.com/v1/me',\n    headers: {\n      'Authorization': 'Bearer ' + accessToken,\n    }\n  },\n  (err, resp, body) => {\n    if (err) {\n      return callback(err);\n    }\n\n    if (resp.statusCode !== 200) {\n      return callback(new Error(`[Response code: ${resp.statusCode}] ${body}`));\n    }\n\n    let bodyParsed;\n    try {\n      bodyParsed = JSON.parse(body);\n    } catch (jsonError) {\n      return callback(new Error(body));\n    }\n\n    bodyParsed.user_id = bodyParsed.id;\n    bodyParsed.name = bodyParsed.handle;\n    return callback(null, bodyParsed);\n  });\n}"
        },
        "icon_url": "https://cdn.auth0.com/marketplace/catalog/content/assets/creators/figma/figma-avatar.png",
        "tokenURL": "https://api.figma.com/v1/oauth/token",
        "client_id": "fake_client_id_n4GP6UrdX2P",
        "client_secret": "fake_client_secret_63ScVTzmxWt3",
        "authorizationURL": "https://www.figma.com/oauth",
        "integration_name": "figma"
    }
  1. Using the PATCH Connection by Id you can update the options object.
    Example PATCH Request (Pass connection id in URL path and only options object)
PATCH https://{domain url}/api/v2/connections/con_Irocg2BrE5sMurE8

{
    "options": {
        "scope": "file_read",
        "scripts": {
            "fetchUserProfile": "function fetchUserProfile(accessToken, context, callback) {\n  request.get({\n    url: 'https://api.figma.com/v1/me',\n    headers: {\n      'Authorization': 'Bearer ' + accessToken,\n    }\n  },\n  (err, resp, body) => {\n    if (err) {\n      return callback(err);\n    }\n\n    if (resp.statusCode !== 200) {\n      return callback(new Error(`[Response code: ${resp.statusCode}] ${body}`));\n    }\n\n    let bodyParsed;\n    try {\n      bodyParsed = JSON.parse(body);\n    } catch (jsonError) {\n      return callback(new Error(body));\n    }\n\n    bodyParsed.user_id = bodyParsed.id;\n    bodyParsed.name = bodyParsed.handle;\n    return callback(null, bodyParsed);\n  });\n}"
        },
        "icon_url": "https://cdn.auth0.com/marketplace/catalog/content/assets/creators/figma/figma-avatar.png",
        "tokenURL": "https://api.figma.com/v1/oauth/token",
        "client_id": "fake_client_id_n4GP6UrdX2P",
        "client_secret": "fake_client_secret_63ScVTzmxWt3",
        "authorizationURL": "https://www.figma.com/oauth",
        "integration_name": "figma"
    }
}

Hope this helps and apologies for the inconvenience.

Thanks,

Brandon
Auth0 Product Manager

1 Like