What to do after login

Hi All,

So I created a “regular web application”, I see the auth0 login window, I sign in with Google, a callback occurs and I have what appears to be an HTTP_COOKIE
_ga=GA1.2.1762509120.1580224917; FSSBBIl1UgzbN7N80T=1Z5rdG.tzvdus9Fyxmc6a8TsgydVSGpwO9qXVbIZbWbDcBex8hDMi5iL5c3by5udqhIhv03pypuKMc8tBcROzimQ0Q_PtAQZBXvIE0wAkwgIXHvuucjQVYyBbEWdmHqTlKh75nuk800rGcXdSTiIem2XBNmuBtbeDALisf32ZvpyIOG; FSSBBIl1UgzbN7N80S=Kuv0gwiIj.Nmpkw2UIX00tq7xEGN8ypD2c5S7ZybSeOtg_xP3Dltq6WTHAQIELUM; _hjid=a28a8f2e-1eb6-4ba2-9ee6-0f98258a1b3f; mod_auth_openidc_state_37FWF4_VokXLGVBexlaKZxJ_b9Y=CNiwwypwn8B5gNFcc260S0aOeSnxIDxt3JH8NNjzaqlgQnfXvczimOk1IbuOXG9KTotPvn7bgdmC0pzrxKvfOH4xgDTvmB5thUzSCNqeGUwpmQknHYRsHp0D-dovERoWE8wwRw-Ek6N-aR9Q2aJ6sMaNZYZW5YM3-0iAWNK4GF-az-a7zP58F2c4IkF3pWV6qTQh6s7sV5-3xZydvG_wh_VB2jCvZqxzKaihNHnvhgeXRSTj4hdI0JOmmCRVov4cuMUD54zsxUMyNlp1R5UlAjQrf02sjvaKnQdvBe2nc-H8Mk7evwM32M74hViaH4ZIE1fo4b9gvP8TEP0CvJitMazSIK6MxfUNzb5EVmlkeew; mod_auth_openidc_session=d076d0e4-e604-4db4-b1e5-d964a8457111

How do I get user information from this ?
I tried running:
curl --request POST
–url ‘https://YOUR_DOMAIN/oauth/token’
–header ‘content-type: application/x-www-form-urlencoded’
–data grant_type=authorization_code
–data ‘client_id=YOUR_CLIENT_ID’
–data client_secret=YOUR_CLIENT_SECRET
–data ‘redirect_uri=https://YOUR_APP/callback’

But I get an error {“error”:“invalid_grant”,“error_description”:“Invalid authorization code”}

How do I get the user information after the callback ?



Hi @jerry.geis,

Have you looked at our Quickstarts?

The cookie does not directly contain user information. You need to exchange the auth code for the user’s tokens (access token and ID token).

SO I found the LOGS on Auth0… I am logging in - I get the callback - I take that data and ask for the user info - I get an error.

This first one is a callback - with success basically.

“date”: “2021-07-12T11:15:24.170Z”,
“type”: “seacft”,
“description”: “Authorization Code for Access Token”,
“connection_id”: “”,
“client_id”: “*******************GGZ”,
“client_name”: “LSI-dev”,
“ip”: “myip”,
“user_agent”: “Other 0.0.0 / Other 0.0.0”,
“details”: {
“code”: “*************tG7”
“hostname”: “****************.us.auth0.com”,
“user_id”: “google-oauth2|108454278760169082476”,
“user_name”: “jerry.geis@***************.com”,
“log_id”: “90020210712111528176434266888260170404377215360726728706”,
“_id”: “90020210712111528176434266888260170404377215360726728706”,
“isMobile”: false

This is taking the data “code” returned from the top callback and asking for details. It returns “invalid”.

“date”: “2021-07-12T11:42:13.155Z”,
“type”: “feacft”,
“description”: “Invalid authorization code”,
“connection_id”: “”,
“client_id”: “*******GGZ",
“client_name”: “LSI-dev”,
“ip”: "
“user_agent”: “curl 7.29.0 / Other 0.0.0”,
“details”: {
“code”: “*************tG7”
“hostname”: “********************.us.auth0.com”,
“user_id”: “”,
“user_name”: “”,
“log_id”: “90020210712114217188996081738650065184013324965570936850”,
“_id”: “90020210712114217188996081738650065184013324965570936850”,
“isMobile”: false

What am I missing ?


Hey @jerry.geis

It seems like I am working through this exact same problem with another user that might also be you in this thread:

Regular Web Application.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.