I created a user manually in Auth0 (for testing). ...
# prisma-whats-new
I created a user manually in Auth0 (for testing). This user in not connected to any user in GraphCool. I'm able to get token for that user in my app. I put that token into Relay Environment -> fetch function, headers section `'Authorization': `Bearer ${token}``. When I try to execute query on type for which I have set
Authentication required
I got
Insufficient Permissions
as response. Any ideas what am I doing wrong?
Which Auth0 integration are you using? The built-in one, or the one using custom resolver functions? If the first, can you check the token algorithm on jwt.io. I'm pretty sure it will be RS256, which is not supported by the built-in Auth0 integration.
If that's the case, then it depends on which Auth0 authentication mechanism you're using. If you're using email/password, you can't use the built-in Auth0 integration at Graphcool. Period. If you are using social authentication at Auth0 (like Facebook for example), you have to disable OIDC conformance in the Auth0 settings, set the algorithm to HS256, and make sure you don't set any audience claim for the token in the client.
the built one in GC
to me it sounds the Auth0 user is not persisted in Graphcool, is that correct? the permission system only accepts tokens for users in Graphcool
Yes Nilan, I created a user manually in Auth0 (for testing). This user in not connected to any user in GraphCool.
so, there's your problem 🙂
Can I manaully connect that auth0 user (via playground) to any exisiting user in GraphCool?
it's more complicated with the built-in integration, and pretty straight forward with the resolver functions approach
@agartha In Auth0 console it's set to RS256
Okay, then follow the steps in my reply to change the settings, because even with a user in Graphcool, the token will not be recognized with the default Auth0 settings
I'm using Auth0 built in intergation by the way
@nilan so, the bottom line is that I need to have a GraphCool user (type
) assinged to Auth0 user to be able to fetch data that needs authentication, right?
I have created a user in GraphCool corresponding with a user in Auth0 by executing
Copy code
mutation createUser($token: String!){
    email: "<mailto:test@hireflow.net|test@hireflow.net>",
    authProvider: { auth0: { idToken: $token } }, 
    systemRole: USER
  ) {
I has been created with token from auth0 and I can see proper user id in auth0UserId field.
However I still get Insufficient Permissions
now it started working, with no particular reason (no code changes or configuration). that's strange
difficult to remote debug in this case, but I expect your token was not set correctly, or the permissions weren't 😛