Vk auth plugin: Selected sign-in method not available for app

Get Help
,
1

I am trying to set up vkontakte auth plugin for auth0 by its Setup Guide:

  1. Created a vk id app; got app ID and secure key; made the app “enabled and accessible by everyone”
  2. Added a social connection using vkontakte plugin:
    • Application ID: 8 digits from vk id app settings (53519765)
    • Secure key: secure key from vk id app settings
    • Attributes: basic profile only
    • Permissions: none (all boxes unticked)
    • Additional Scopes: none (empty textarea)
    • Sync user profile attributes at each login: yes (default value)
  3. Enabled vkontakte connection for my application
  4. Found my app domain (dev-wm6gx6s70lw6eu23 . us . auth0 . com) and configured vk id application (Base domain, Trusted redirect URL)

After configuring, I tried to test the conection (Try Connection button) and got this:

URL: oauth . vk . com /authorize?login_hint=&prompt=login&response_type=code&redirect_uri=https%3A%2F%MY_DOMAIN%2Flogin%2Fcallback&scope=profile&state=x0mLzikO8l2wSia2uf5ZYKq82ePMOEzE&client_id=53519765

Selected sign-in method not available for app. Please try again later or contact the app administrator

Double-checked:

  1. App credentials
  2. Auth0 domain
  3. Everything else from vkontakte plugin’s Setup Guide

Looks either I am doing something wrong or vk id have made some changes to their authentication protocol.
Can you by any chance notice what am I doing wrong?
Are there any possible workarounds you might know about?
Is it possible to write a custom auth plugin for Auth0?

2

Quick note: MY_DOMAIN part in the authorize URL is my actual app domain (replaced due to hyperlink protection)

4

Hi @max91

Welcome to the Auth0 Community!

Thank you for providing information on the matter, I was able to reproduce your problem by using the VK Plugin and by creating a custom social connection as well.

If you have not created a custom social connection for VK, could you please give that a try as well? If you have any issues, I can help you out with that.

I will come back with more information as soon as possible!

Kind Regards,
Nik

1 Like
5

Hi again!

I believe that the VK Plugin might be outdated regarding the matter. As far as I have researched, the previous authentication api which was used to integrate web applications with their social website has migrated to id.vk.com. You can find more information on integrating their social connection with your applications in their documentation.

By following this documentation, you should be able to create a custom social button within Auth0 by using the credentials of a web application created on the website mentioned above.

I am currently still having issues in making the integration function successfully, however, if you need any help on the matter, let me know! I will come back with an update in regards to the integration from my end!

Kind Regards,
Nik

1 Like
6

Hi @nik.baleca,
Thank you for your response!

Regarding “a custom social connection for VK”: I’m stuck at saving my custom connection.
Trying to do the following:

  1. Client ID, client secret: using values from my vk id app
  2. Auth url, token url, scopes: values are set according to vk id documentation
  3. Separate scopes with space: disabled (default value; using only one scope — “vkid.personal_info”)
  4. Fetch User Profile Script:
function(accessToken, ctx, cb) {
    const url = "https://id.vk.com/oauth2/public_info";
    request.get(
        {
            url,
            headers: {
                "Authorization": `Bearer ${accessToken}`
            }
        },
        (error, response, body) => {
            if (error) {
                return cb(error);
            }
            if (response.statusCode !== 200) {
                return cb(new Error(body));
            }
            let bodyParsed;
            try {
                bodyParsed = JSON.parse(body);
            } catch (jsonError) {
                return cb(new Error(body));
            }
            const profile = {
                user_id: bodyParsed.user.user_id,
                email: bodyParsed.user.email,
                email_verified: true,
                name: bodyParsed.user.first_name + " " + bodyParsed.user.last_name,
                picture: bodyParsed.user.avatar
            };
            cb(null, profile);
        }
    );
}

(didn’t find any docs, adapted script from medium . com/%40colin.douglas/creating-a-custom-social-connection-between-auth0-and-gitlab-saas-4d22864cf503 )
5. Custom Headers: none (empty text area)
6. Sync user profile attributes on each login: enabled (default value)

When trying to save I get this: 403 Forbidden / Error! You don’t have permissions to access the resource. There are no additional details in the response body.

Is there some limitation disabling me from saving a custom social login provider or is there another reason behind the case?

7

Hi again!

Thanks for the update provided.

Most probably the error received when trying to save the template might be caused by the fact that you had multiple tabs opened with the same page which was causing conflicts on the dashboard whenever you were attempting to save the changes.

To provide you some updated on my end, I was able to make the social connection work by using the following settings for the custom login button:

  • Authorization URL:
https://id.vk.com/authorize?response_type=code&client_id={{client_id of the vk app}}&
redirect_uri={{callback URL set inside the VK dashboard}}&
code_challenge={{generated code challange and verifier}}&
code_challenge_method=S256
  • Token URL - https://id.vk.com/oauth2/auth
  • Client ID - vk app id
  • Client Secret - vk app protected/secure key
  • Fetch User Profile - I used the same script you have provided//other sample scripts

The issue that I have ran into is that I am received an invalid {{any user profile parameter}} error, which it appears that the retrieved data is incorrect in order to build an user profile.

Regarding this, I would advise to contact VK support.

If you have any other questions, let me know!

Kind Regards,
Nik

8
  1. Additional configuration was required: enabled PKCE for auth0 app for it to use code_challenge
  2. Got to the point where I receive invalid {{any user profile parameter}} error, too. Done some debugging:
    • Replaced “Fetch user profile script” with this one:

function(accessToken, ctx, cb) {
cb(new Error(JSON.stringify({
ctx,
accessToken
})), null);
}

   - Got this error:
   - ```json
{
  "error": "invalid_request",
  "error_description": {
    "ctx":{
      "error":"invalid_request",
      "error_description":"device_id is invalid",
      "options":{
        "scope":"vkid.personal_info",
        "tokenURL":"https :// id.vk .com/oauth2/auth",
        "client_id":"53519765",
        "pkce_enabled":true,
        "client_secret":"REDACTED",
        "authorizationURL":"https :// id.vk .com/authorize",
        "store":{}
      }
    },
    "accessToken":""
  }
}

Looks like Auth0 does not account for ‘device_id’ parameter which is required in vk id auth flow. It first appears as the redirect callback query parameter (&device_id=…) and should be passed along with the auth token for the rest of key exchange procedure.

I found customScripts property in the docs ( https :// auth0 .com/docs/api/management/v2/connections/patch-connections-by-id ) which can be used to set scripts for login, get_user, delete, verify, create and change_* actions; none of these scripts seem to be applicable for altering key exchange flow; they seem to be Custom Database Action Scripts ( https :// auth0 .com/docs/authenticate/database-connections/custom-db/templates )
Given the debug output, neither the original redirect url nor the device_id parameter are present in the scope of get_user method so I cannot implement auth flow using this entry point.

Do you know of any other options I have to affect initial key exchange flow to make use of device_id parameter?

9

I believe our documentation on updating the authentication flow or the connection itself and how to pass dynamic provider specific parameters should be helpful.

This way, you should be able to set the connection to pass in the device_id in order to exchange it for a valid access token.

Let me know if you have any other updates on the matter,

Kind Regards,
Nik