Adding a resource server breaks authentication. #76

Closed
am17torres opened this issue Oct 19, 2016 · 1 comment

@am17torres

I was hoping someone could explain why this happened. I understand that there needs to be a client grant if I'm trying to get an access_token signed by auth0 to call the resource_server.
However, the code below is getting an id_token signed with my client secret, which never calls any resource server. I'm not sure why adding the resource server to the client via the auth0 management api would cause an unrelated application/auth flow to go down.

Below is the minimum repro case:

2.3.1 :007 > client = Auth0Client.new(
2.3.1 :008 >     client_id: '04a3QIRE2b0dj8s83WxdoXpdrEXAMPLE',
2.3.1 :009 >     client_secret: 'CIxYL_Zjt_cWWMxqtvgTyHJVYHk5-CPer2j5p-A2lq9dILEF_PpBrhyNMEXAMPLE',
2.3.1 :010 >     domain: 'domain.auth0.com',
2.3.1 :011 >     api_version: 1
2.3.1 :012?>   )
 => #<Auth0Client:0x007fd675bcbc10 @domain="domain.auth0.com", @base_uri="https://domain.auth0.com", @headers={"Content-Type"=>"application/json", "User-Agent"=>"Ruby/2.3.1", "Auth0-Client"=>"eyJuYW1lIjoicnVieS1hdXRoMCIsInZlcnNpb24iOiI0LjEuMCJ9", "Authorization"=>"Bearer h5XMQmo6YWlDtXaG99Spflmw74L8FdtMqSCCtysLRbFMLGVAMa3Msy6NZZvNmVcd"}, @timeout=10, @client_id="04a3QIRE2b0dj8s83WxdoXpdrEXAMPLE", @client_secret="CIxYL_Zjt_cWWMxqtvgTyHJVYHk5-CPer2j5p-A2lq9dILEF_PpBrhyNMEXAMPLE", @token="h5XMQmo6YWlDtXaG99Spflmw74L8FdtMqSCCtysLRbFMLGVAMa3Msy6NZZvNmVcd">

# patch client to have a resource server
Request URL:https://domain.auth0.com/api/v2/clients/04a3QIRE2b0dj8s83WxdoXpdrEXAMPLE
Request Method:PATCH
Status Code:200 OK

{
  "resource_servers":[
   {
     "identifier": "https://resource_identifier/",
     "scopes": []
   }
   ]
}

2.3.1 :013 > client = Auth0Client.new(
2.3.1 :014 >     client_id: '04a3QIRE2b0dj8s83WxdoXpdrEXAMPLE',
2.3.1 :015 >     client_secret: 'CIxYL_Zjt_cWWMxqtvgTyHJVYHk5-CPer2j5p-A2lq9dILEF_PpBrhyNMEXAMPLE',
2.3.1 :016 >     domain: 'domain.auth0.com',
2.3.1 :017 >     api_version: 1
2.3.1 :018?>   )
Auth0::AccessDenied: {"error":"access_denied","error_description":"Client is not authorized to access \"https://resource_identifier/\". You might probably want to create a \"client-grant\" associated to this API. See: https://auth0.com/docs/api/v2#!/Client_Grants/post_client_grants"}
    from ~/.rvm/gems/ruby-2.3.1/gems/auth0-4.1.0/lib/auth0/mixins/httpproxy.rb:24:in `block (2 levels) in <module:HTTPProxy>'
    from ~/.rvm/gems/ruby-2.3.1/gems/auth0-4.1.0/lib/auth0/api/authentication_endpoints.rb:21:in `obtain_access_token'
    from ~/.rvm/gems/ruby-2.3.1/gems/auth0-4.1.0/lib/auth0/mixins/initializer.rb:79:in `initialize_v1'
    from ~/.rvm/gems/ruby-2.3.1/gems/auth0-4.1.0/lib/auth0/mixins/initializer.rb:39:in `initialize_api'
    from ~/.rvm/gems/ruby-2.3.1/gems/auth0-4.1.0/lib/auth0/mixins/initializer.rb:17:in `initialize'
    from (irb):13:in `new'
    from (irb):13
    from ~/.rvm/rubies/ruby-2.3.1/bin/irb:11:in `<main>'
2.3.1 :019 >
@am17torres
Author

Closing issues I've opened.
