Userinfo request

Hi,
I’m trialling Python flask app with Auth0 and it seems userinfo request only returns roles in the response. I have checked this using a Postman request and it returns the same. Could you please clarify why is that?

That is quite odd. Could you please send me the log of the request in a DM?

Hi Dan,
Unfortunately I’m using free plan because, I’m still trialling different integrations( ie .Net/Python etc ). It seems free plan doesn’t have logs.

Regards
Chamila

Actually I had a rule to return the roles. I have disabled it and now I get nothing in the response.

@rchamila,

You should have access to logs, but they will only persist for a few days. They can be used to debug.

What scopes are you requesting for your access token?

Hello Dan,

Scopes are openid, profile and email

Also I can see the logs now

One log is attachedrow.txt (739 Bytes)

Can you try passing an audience parameter so we can look at the token and confirm it has the correct scopes?

Thanks Dan for getting back to me. Unfortunately I couldn’t find how to set audience in Auth0 Flask library (authlib.integrations.flask_client ). This is how it sets. Can you please assist me to set the audience parameter here.

oauth = OAuth(app)

auth0 = oauth.register(
‘auth0’,
client_id=AUTH0_CLIENT_ID,
client_secret=AUTH0_CLIENT_SECRET,
api_base_url=AUTH0_BASE_URL,
access_token_url=AUTH0_BASE_URL + ‘/oauth/token’,
authorize_url=AUTH0_BASE_URL + ‘/authorize’,
client_kwargs={
‘scope’: ‘openid%20profile%20email’,
}
)

You should be able to add it there.

audience=AUTH0_BASE_URL + '/api/v2'

You will also need to go to your dashboard, API -> Auth0 Management API -> Machine to Machine Applications, then authorize your flask app.

This is the auth response after adding audience. Hope this is what you want. Thanks

c8lCuUG8HHH2wAs4hLE7sI9iOXC8WJHc

Hmm, it doesn’t look like a jwt. This makes me think the audience wasn’t set properly.

Bit of additional details below, not sure whether this will help you or not

Response:

From the documentation for that library, it looks like you can send extra params with:

  • {name}_AUTHORIZE_PARAMS : Extra parameters for Authorization Endpoint.

You will also want to rotate your client secret as it was listed here in plain text. I edited out for you.

1 Like

It looks like you are passing the scope incorrectly. It doesn’t look like it needs to be URL encoded.

Whooo, hoo. Yeah that’s the reason, removing url encoding fix the issue. Thanks a lot Dan. Cheers!!

1 Like

Glad that solved it!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.