Userinfo request

Hi,
I’m trialling a Python Flask app with Auth0 and it seems the userinfo request only returns roles in the response. I have checked this using a Postman request and it returns the same. Could you please clarify why that is?

That is quite odd. Could you please send me the log of the request in a DM?

Hi Dan,
Unfortunately I’m using the free plan because I’m still trialling different integrations (i.e. .NET/Python etc.). It seems the free plan doesn’t have logs.

Regards
Chamila

Actually I had a rule to return the roles. I have disabled it and now I get nothing in the response.

@rchamila,

You should have access to logs, but they will only persist for a few days. They can be used to debug.

What scopes are you requesting for your access token?

Hello Dan,

Scopes are openid, profile and email

https://dev-g4t6koig.au.auth0.com/authorize?response_type=code&client_id=X9V0E9NHo7BZ1oGbtKsycsNsKFZv4zqu&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid%2520profile%2520email&state=mruiM89rp8wZyanKbvejmQU00shl3D&nonce=uB23LCNozsNljAIXvDoK

Also I can see the logs now

One log is attached: row.txt (739 Bytes)

Can you try passing an audience parameter so we can look at the token and confirm it has the correct scopes?

Thanks Dan for getting back to me. Unfortunately I couldn’t find how to set the audience in the Auth0 Flask library (authlib.integrations.flask_client). This is how it is set up. Can you please help me set the audience parameter here?

oauth = OAuth(app)

auth0 = oauth.register(
    'auth0',
    client_id=AUTH0_CLIENT_ID,
    client_secret=AUTH0_CLIENT_SECRET,
    api_base_url=AUTH0_BASE_URL,
    access_token_url=AUTH0_BASE_URL + '/oauth/token',
    authorize_url=AUTH0_BASE_URL + '/authorize',
    client_kwargs={
        'scope': 'openid%20profile%20email',
    }
)

You should be able to add it there.

audience=AUTH0_BASE_URL + '/api/v2'

You will also need to go to your dashboard, API → Auth0 Management API → Machine to Machine Applications, then authorize your flask app.

This is the auth response after adding audience. Hope this is what you want. Thanks

c8lCuUG8HHH2wAs4hLE7sI9iOXC8WJHc

Hmm, it doesn’t look like a jwt. This makes me think the audience wasn’t set properly.

Bit of additional details below, not sure whether this will help you or not

Response:

From the documentation for that library, it looks like you can send extra params with:

  • {name}_AUTHORIZE_PARAMS : Extra parameters for Authorization Endpoint.

You will also want to rotate your client secret as it was listed here in plain text. I edited it out for you.


It looks like you are passing the scope incorrectly. It doesn’t look like it needs to be URL encoded.

Whooo, hoo. Yeah that’s the reason, removing the URL encoding fixed the issue. Thanks a lot Dan. Cheers!!


Glad that solved it!
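
The double encoding resolved in this thread, as an added example that is not part of the original posts: it shows why a pre-encoded scope reaches the authorization server as one unknown scope instead of three. It assumes the client library percent-encodes query parameters once (modelled here with `urllib.parse.urlencode`); the tenant host, client ID and function names are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs, urlencode, unquote

# Constructed placeholders, not values from the thread.
BASE = "https://tenant.example.auth0.com"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
REDIRECT = "http://localhost:3000/callback"


def build_authorize_url(scope):
    """Build an /authorize URL; urlencode performs the single encoding pass."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT,
        "scope": scope,
    }
    return BASE + "/authorize?" + urlencode(params)


def scopes_seen_by_server(authorize_url):
    """Decode the query string once, as the server does, and split the
    scope on spaces (the OAuth 2.0 scope delimiter)."""
    query = parse_qs(urlsplit(authorize_url).query)
    return query.get("scope", [""])[0].split(" ")


def is_double_encoded(authorize_url):
    """True when a once-decoded scope still contains percent-escapes,
    i.e. the caller encoded a value that was then encoded again."""
    return any(unquote(s) != s for s in scopes_seen_by_server(authorize_url))


# Scope pre-encoded by the caller: '%' becomes '%25' on the wire.
BAD_URL = build_authorize_url("openid%20profile%20email")
# Plain space-delimited scope: encoded exactly once.
GOOD_URL = build_authorize_url("openid profile email")

if __name__ == "__main__":
    for label, url in (("pre-encoded", BAD_URL), ("plain", GOOD_URL)):
        print(label, scopes_seen_by_server(url), is_double_encoded(url))
```

With the pre-encoded value the server sees a single scope string that matches none of `openid`, `profile` or `email`, which is consistent with the userinfo response carrying no profile claims.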
