Username/Password Flow plus sign in username causing problems

eabrouwer3 · December 9, 2019, 10:42pm

Hello all!

I’m having a problem when using a plus in my username and then trying to authenticate with the API using the python requests package. I’m just curious as to whether it’s a problem with requests, or if it’s a problem with auth0. Basically, what is my problem. Here’s the code I’m using, and here’s what I’m seeing from doing my own digging.

In [1]: requests.post('https://auth.taxbit.com/oauth/token', data={
    ...:     'grant_type': 'password',
    ...:     'username': 'ethan+test@taxbit.com',
    ...:     'password': '<password>',
    ...:     'client_id': '<CLIENT_ID>'
    ...: })
Out[1]: <Response [500]>

In [2]: resp.json()
Out[2]: 
{'error': 'access_denied',
 'error_description': 'Unexpected token < in JSON at position 0'}

In [3]: resp.request.body
Out[3]: 'grant_type=password&username=ethan+test@taxbit.com&password=<password>&client_id=<CLIENT_ID>'

In [4]: resp.request.headers
Out[4]: {'User-Agent': 'python-requests/2.22.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'Content-Length': '125', 'Content-Type': 'application/x-www-form-urlencoded'}

The thing that’s really confusing, is I’m not even posting JSON anymore. I’m posting with content-type: application/x-www-form-urlencoded. Any ideas?

dan.woda · December 10, 2019, 12:51am

Hi @eabrouwer3,

Welcome to the Auth0 Community Forum!

I don’t think the + should be causing issues in the username. It is an allowed character according to this.

I am a little bit confused about what the problem is. Are you getting a 500 response from the server? or the access denied?

eabrouwer3 · December 10, 2019, 6:53pm

Hi @dan.woda,

I’m getting both. As yuou can see, the response gives a 500 error with the json response describing the ‘access_denied’ error as having to do with Auth0. I actually messed up copying what it’s sending though. It is sending everything url-encoded, if that’s a problem. The real email part of the data being sent is ethan%2Btest%40taxbit.com. The problem is the 500. I should be getting a 200 or at least something else. And I know the password is right because I can test it through our login page, which is hosted by Auth0. Does that answer some of your questions? Thanks!

dan.woda · December 10, 2019, 11:20pm

Can you send me your auth0 tenant name via a DM?