Obtain APIv2 Token #86

Closed
mbiang opened this issue Mar 27, 2017 · 11 comments

mbiang commented Mar 27, 2017

Greetings - is it possible to obtain an APIv2 token using the ruby library? Basically, I want to call a method that makes the request documented here:

https://auth0.com/docs/api/management/v2/tokens#automate-the-process

Is there a way to do this currently with this library?

herenow commented Dec 9, 2017

I'm currently wrapping this client w/ an object that fetches the token for me. This might also be useful for you:

require 'uri'
require 'json'
require 'openssl'
require 'net/http'
require 'auth0'

class Auth0Api
  def initialize(options = {})
    @client_id = options[:client_id] || ENV['AUTH0_CLIENT_ID']
    @client_secret = options[:client_secret] || ENV['AUTH0_CLIENT_SECRET']
    @domain = options[:domain] || ENV['AUTH0_DOMAIN']
  end

  def client
    @client ||= new_client
  end

  def token
    @token ||= get_token
  end

  private

  def new_client
    Auth0Client.new(
      client_id: @client_id,
      domain: @domain,
      token: token,
      api_version: 2,
    )
  end

  def get_token
    # TODO: Maybe we should cache this api call?
    get_token_data['access_token']
  end

  def get_token_data
    url = URI("https://#{@domain}/oauth/token")

    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    # Verify the server certificate: the client secret travels over this connection.
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER

    request = Net::HTTP::Post.new(url)
    request['content-type'] = 'application/json'
    request.body = JSON.dump({
      grant_type: 'client_credentials',
      client_id: @client_id,
      client_secret: @client_secret,
      audience: "https://#{@domain}/api/v2/",
    })

    response = http.request(request)

    check_http_response!(response)

    data = JSON.parse(response.read_body)

    data
  end

  def check_http_response!(response)
    unless response.kind_of? Net::HTTPSuccess
      puts response.read_body
      response.error!
    end
  end
end

You also need to register an API, set the audience, and authorize your client, or you will receive an error like so:

{"error":"access_denied","error_description":"Client is not authorized to access \"https://mydomain.auth0.com/api/v2/\". You might probably want to create a \"client-grant\" associated to this API. See: https://auth0.com/docs/api/v2#!/ Client_Grants/post_client_grants"}

I just had to register an API and authorize my client.
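
The `# TODO: Maybe we should cache this api call?` in the wrapper above, as an added example (not part of the original comment or of the auth0 gem): the token is reused until shortly before the `expires_in` value in the token response, so the client secret is sent once per token lifetime rather than on every call. `CachedToken`, `auth0_fetcher` and the 60-second skew are hypothetical names and values.

```ruby
require 'json'
require 'openssl'
require 'net/http'
require 'uri'

# Caches a client-credentials token until shortly before it expires.
# `fetcher` is any callable returning the parsed /oauth/token response.
class CachedToken
  SKEW = 60 # seconds: refresh this long before the stated expiry (assumed value)

  def initialize(fetcher, clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @fetcher = fetcher
    @clock = clock
    @lock = Mutex.new
    @token = nil
    @expires_at = 0
  end

  # Returns the cached token, fetching a new one only when none is held
  # or the held one is within SKEW seconds of expiry.
  def value
    @lock.synchronize do
      refresh! if @token.nil? || @clock.call >= @expires_at
      @token
    end
  end

  private

  def refresh!
    data = @fetcher.call
    token = data['access_token']
    raise 'token response has no access_token' if token.to_s.empty?
    ttl = Integer(data.fetch('expires_in', 0))
    @token = token
    @expires_at = @clock.call + [ttl - SKEW, 0].max
  end
end

# Fetcher for the request shown above; certificate verification stays on.
def auth0_fetcher(domain, client_id, client_secret)
  lambda do
    uri = URI("https://#{domain}/oauth/token")
    body = JSON.dump(grant_type: 'client_credentials', client_id: client_id,
                     client_secret: client_secret, audience: "https://#{domain}/api/v2/")
    res = Net::HTTP.start(uri.host, uri.port, use_ssl: true,
                          verify_mode: OpenSSL::SSL::VERIFY_PEER) do |http|
      http.post(uri.path, body, 'Content-Type' => 'application/json')
    end
    res.value # raises unless 2xx, without printing the response body
    JSON.parse(res.body)
  end
end
```
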

@chrisnicola

Is there a logical reason why the code for getting the token is not part of this library? It seems rather silly to have to express a Net::HTTP post request directly for this.

@chrisnicola

@herenow your code has the client_secret in the Auth0Client.new method, but I believe you need to pass the token instead.

herenow commented Jan 30, 2018

@chrisnicola In my case, I needed access to the "management api" to migrate user metadata, so I didn't have a user's access token available. In this case, I believe I had to obtain an "administrative" access token w/ my client's secret.

@chrisnicola

I'm confused, isn't it enough to just use the token? This is the example from the README:

auth0 = Auth0Client.new(
  :client_id => "YOUR CLIENT ID",
  :token => "YOUR JWT HERE",
  :domain => "<YOUR ACCOUNT>.auth0.com",
  :api_version => 2
)

herenow commented Jan 30, 2018

@chrisnicola Yep, but we first need to get this access token. These tokens are not "api keys", so we need to authenticate via the /oauth/token endpoint and get a fresh token.

Although my code wouldn't make much sense if you already have the access token, maybe from the user's session.

What is your use case? Do you already have the access token?

@chrisnicola

No, I mean that you need the client_secret to get the token, but not to new up the Auth0Client, which does not fetch tokens.

herenow commented Jan 30, 2018

@chrisnicola You're right! I thought you were talking about Auth0Api, confusing names :) But, you're correct, we don't need to pass the client_secret to Auth0Client, I'm removing it now, thanks.

joshcanhelp (Contributor) commented Jul 17, 2018

Apologies for the late reply here ... we're going to add a native method for this as part of the library implemented here in the next release.

@herenow @chrisnicola - Really appreciate you guys putting together an example for folks to use. The HTTP call to get a token looks good (more generic steps here). One thing to note ... you don't need to create an API if you're trying to access the Management API. The APIs section of the dashboard will have a record for Auth0 Management API, which is the one you'll want to use. As you said, you will need to authorize your Application for that API and make sure that "Client Credentials" is turned on under Application settings > Advanced > Grant Types.

@joshcanhelp joshcanhelp added this to the v4-Next milestone Jul 17, 2018
@joshcanhelp joshcanhelp removed this from the v4-Next milestone Jul 26, 2018
@joshcanhelp joshcanhelp added this to the v4-Next milestone Sep 14, 2018

qortex (Contributor) commented Aug 23, 2019

Jumping in a bit late here, but just putting a dummy token here allows you to get the token using the gem code:

Auth0Client.new(
        client_id: Rails.application.secrets.auth0_client_id,
        client_secret: Rails.application.secrets.auth0_api_mtom_client_secret,
        domain: Rails.application.secrets.auth0_domain,
        token: 'dummy-but-must-be-non-null-because-of-the-gem'
      ).api_token

@joshcanhelp (Contributor)

If you want to use just the Authentication API methods, there is now an example here.
