What to do after login

jerry.geis · July 9, 2021, 12:23pm

Hi All,

So I created a “regular web application”, I see the auth0 login window, I sign in with Google, a callback occurs and I have what appears to be an HTTP_COOKIE
_ga=GA1.2.1762509120.1580224917; FSSBBIl1UgzbN7N80T=1Z5rdG.tzvdus9Fyxmc6a8TsgydVSGpwO9qXVbIZbWbDcBex8hDMi5iL5c3by5udqhIhv03pypuKMc8tBcROzimQ0Q_PtAQZBXvIE0wAkwgIXHvuucjQVYyBbEWdmHqTlKh75nuk800rGcXdSTiIem2XBNmuBtbeDALisf32ZvpyIOG; FSSBBIl1UgzbN7N80S=Kuv0gwiIj.Nmpkw2UIX00tq7xEGN8ypD2c5S7ZybSeOtg_xP3Dltq6WTHAQIELUM; _hjid=a28a8f2e-1eb6-4ba2-9ee6-0f98258a1b3f; mod_auth_openidc_state_37FWF4_VokXLGVBexlaKZxJ_b9Y=CNiwwypwn8B5gNFcc260S0aOeSnxIDxt3JH8NNjzaqlgQnfXvczimOk1IbuOXG9KTotPvn7bgdmC0pzrxKvfOH4xgDTvmB5thUzSCNqeGUwpmQknHYRsHp0D-dovERoWE8wwRw-Ek6N-aR9Q2aJ6sMaNZYZW5YM3-0iAWNK4GF-az-a7zP58F2c4IkF3pWV6qTQh6s7sV5-3xZydvG_wh_VB2jCvZqxzKaihNHnvhgeXRSTj4hdI0JOmmCRVov4cuMUD54zsxUMyNlp1R5UlAjQrf02sjvaKnQdvBe2nc-H8Mk7evwM32M74hViaH4ZIE1fo4b9gvP8TEP0CvJitMazSIK6MxfUNzb5EVmlkeew; mod_auth_openidc_session=d076d0e4-e604-4db4-b1e5-d964a8457111

How do I get user information from this ?
I tried running:
curl --request POST
–url ‘https://YOUR_DOMAIN/oauth/token’
–header ‘content-type: application/x-www-form-urlencoded’
–data grant_type=authorization_code
–data ‘client_id=YOUR_CLIENT_ID’
–data client_secret=YOUR_CLIENT_SECRET
–data code=YOUR_AUTHORIZATION_CODE
–data ‘redirect_uri=https://YOUR_APP/callback’

But I get an error {“error”:“invalid_grant”,“error_description”:“Invalid authorization code”}

How do I get the user information after the callback ?

Thanks

Jerry

dan.woda · July 9, 2021, 9:28pm

Hi @jerry.geis,

Have you looked at our Quickstarts?

The cookie does not directly contain user information. You need to exchange the auth code for the user’s tokens (access token and ID token).

jerry.geis · July 12, 2021, 12:28pm

SO I found the LOGS on Auth0… I am logging in - I get the callback - I take that data and ask for the user info - I get an error.

This first one is a callback - with success basically.

{
“date”: “2021-07-12T11:15:24.170Z”,
“type”: “seacft”,
“description”: “Authorization Code for Access Token”,
“connection_id”: “”,
“client_id”: “*******************GGZ”,
“client_name”: “LSI-dev”,
“ip”: “myip”,
“user_agent”: “Other 0.0.0 / Other 0.0.0”,
“details”: {
“code”: “*************tG7”
},
“hostname”: “****************.us.auth0.com”,
“user_id”: “google-oauth2|108454278760169082476”,
“user_name”: “jerry.geis@***************.com”,
“log_id”: “90020210712111528176434266888260170404377215360726728706”,
“_id”: “90020210712111528176434266888260170404377215360726728706”,
“isMobile”: false
}

This is taking the data “code” returned from the top callback and asking for details. It returns “invalid”.

{
“date”: “2021-07-12T11:42:13.155Z”,
“type”: “feacft”,
“description”: “Invalid authorization code”,
“connection_id”: “”,
“client_id”: “*******GGZ",
“client_name”: “LSI-dev”,
“ip”: "”,
“user_agent”: “curl 7.29.0 / Other 0.0.0”,
“details”: {
“code”: “*************tG7”
},
“hostname”: “********************.us.auth0.com”,
“user_id”: “”,
“user_name”: “”,
“log_id”: “90020210712114217188996081738650065184013324965570936850”,
“_id”: “90020210712114217188996081738650065184013324965570936850”,
“isMobile”: false
}

What am I missing ?
Thanks

Jerry

dan.woda · July 12, 2021, 7:00pm

Hey @jerry.geis

It seems like I am working through this exact same problem with another user that might also be you in this thread:

Regular Web Application.

system · August 23, 2021, 4:20pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.