Validating token with back node js + front vue 3

hello!!! I have this middleware on my back:

const { auth } = require("express-oauth2-jwt-bearer");
import { env } from "../../utils/enviroment";

export const validateAccessToken = auth({
  issuerBaseURL: `https://${env.AUTH0_DOMAIN}`,
  audience: env.AUTH0_AUDIENCE,
})

and I have this middleware too:

//file server.js
app.use(errorHandler);
app.use(notFoundHandler);

following this example:
https://github.com/auth0-developer-hub/api_express_javascript_hello-world

and in my front(Vue js 3) I have:

<template>
  <div class="content-layout" :v-if="invalidUser">
    <h1 id="page-title" class="content__title">Warning</h1>
    <div class="content__body">
      <p id="page-description">
        <span>You are  <strong>Blocked</strong>.</span>
        <span><strong >Only authorized users can access this platform.</strong></span>
      </p>
      <div class="profile-grid" >
          <button class="button__cancel" @click="goHome" style="">Go home</button>
      </div>
    </div>
  </div>  
</template>

<script>

import { checkUserLogged } from "../services/message.service";

export default {
  data() {
    return {
      user: this.$auth0.user,
      invalidUser: false
    };
  },
  computed: {
  },
  methods: {
    async checkUser() { 
      if(this.user.name){
        const accessToken = await this.$auth0.getAccessTokenSilently();
        const user = this.user;
        const { data, error } = await checkUserLogged(accessToken, user);
        if (data) { 
          if( data.authorize ){
            this.$router.push('/profile');
          }else{
            this.invalidUser = true; 
            setTimeout(async () => {
              await this.$auth0.logout({
                logoutParams: {
                  returnTo: 'http://localhost:4040/',
                }
              });
            }, 5000);                   
          }
        }
        if (error) {
          this.message = JSON.stringify(error, null, 2);
        }        
      }
    },
    goHome(){
      this.$auth0.logout({
        logoutParams: {
          returnTo: 'http://localhost:4040/',
        }
      });      
      this.$router.push('/');
    }
  },
  mounted() { 
    this.checkUser();
  },
};
</script>

I’m getting this issue:

401 Unauthorized
message:"Bad credentials"

I checked my enviroment: CLIENT_ORIGIN_URL, AUTH0_AUDIENCE, AUTH0_DOMAIN, AUTH0_CLIENT_ID and AUTH0_CLIENT_SECRET, in my back and front code, and it’s right, you can help me? what’s wrong

Hi @Gerarca,

Thanks for reaching out to the Auth0 Community!

I understand that you are trying to validate your access token and encountered the 401 Unauthorized error, specifically mentioning about having bad credentials.

Now, could you please check your Logs for the error and verify that the data passed in the request is correct (e.g client_id, audience, etc)?

The error logs should provide you details about the data your passed in your request.

And if possible, could you decode your access token and verify the payload is correct as well?

(Reference: Auth0 Node (Express) API SDK Quickstarts: Authorization)

Please let me know how this goes for you.

Thanks,
Rueben

Hello @rueben.tiow

I was checking the monitor logs and it look like everything is ok:

Screenshot 2024-01-04 2013111087×348 19.1 KB

I’m using this configuration, in my back(node js)

Hi @Gerarca,

Thanks for your response.

Looking at your logs, it seems like the user was able to login and exchange the authorization code for an access token.

Could you try decoding the access token on jwt.io and see if the payload is correct?

Thanks,
Rueben

Hi @rueben.tiow

s743×391 8.77 KB

I got the “iss” correct, but on “PAYOLAD: DATA” I got nothing, this is bad??

Hi @Gerarca,

It seems that the token is an opaque access token.

In this case, please check that your login request passes in the audience parameter to get a JWT access token.

Cheers,
Rueben

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.