UWP application triggers a "feacft" error log event when using Google/Facebook authentication

sggirbekim · April 28, 2017, 2:53am

I’m currently writing a Windows 10 UWP client application, figured I’d start with authentication.

Trying to integrate Auth0 as the authentication provider. I’ve got the Auth0 NuGet package installed in the project (Auth0.OidClient.UWP 1.0.0).

Attempting to sign up or log in via Google or Facebook (having 2 factor authentication turned on in both for my personal accounts) generates a failed login with the following log entry:

{
  "date": "2017-04-27T19:27:37.395Z",
  "type": "feacft",
  "description": "Unauthorized",
  "connection_id": "",
  "client_id": "TtNVwpGFqrzq68nQyeJBFm5c3B2HhBH4",
  "client_name": null,
  "ip": "68.36.33.32",
  "user_id": "",
  "user_name": "",
  "log_id": "49560429270835143462027566576975370947558709714055331842"
}

My C# code in the client app is this:

private async void Page_Loaded(object sender, RoutedEventArgs e)
{
    Debug.WriteLine($"Domain: {Auth0Configuration.DOMAIN}");
    Debug.WriteLine($"Client ID: {Auth0Configuration.CLIENT_ID}");
    Auth0Client client = new Auth0Client(
        new Auth0ClientOptions()
                    {
            Domain = Auth0Configuration.DOMAIN,
            ClientId = Auth0Configuration.CLIENT_ID,
            Scope = "openid name email",
            LoadProfile = true
        }
    );

    LoginResult loginResult = await client.LoginAsync();
    if (loginResult.IsError) {
        Debug.WriteLine(string.Format("An error occured during login: {0}", loginResult.Error));
    }
    else {
        Debug.WriteLine($"id_token: {loginResult.IdentityToken}");
        Debug.WriteLine($"access_token: {loginResult.AccessToken}");
    }
}

Looking up the error code “feacft” routes me to a page describing how to do the authentication flow by hand. However, I thought that using the Lock client was supposed to simplify that.

What am I doing wrong? What have I over looked in configuring my account and / or client?

jmangelo · May 17, 2017, 5:28pm

The log event type feacft is associated with a failed exchange, in particular, a failure in exchanging an authorization code for a token.

The authentication flow you described suggest that the authorization code grant with PKCE (given its a native application) is being used in order to authenticate the user so this is consistent with the log event.

The most likely cause for receiving an feact (Unauthorized) for this scenario is due to an incorrectly configured client application. More specifically, the Client Type for the application should be Native.

The underlying issue is that Native applications can call the token endpoint without performing client authentication and if the client is incorrectly configured in a way that it’s requiring client authentication then the error in question will be triggered because your native client application won’t be performing client authentication.

Fixing the client type should address this situation; if not, try to setup a new client application with the native type from scratch and use that one.