I created a user manually in Auth0 for testing This user in Prisma #prisma-whats-new

I created a user manually in Auth0 (for testing). ...

panzupa

10/06/2017, 5:18 PM

I created a user manually in Auth0 (for testing). This user in not connected to any user in GraphCool. I'm able to get token for that user in my app. I put that token into Relay Environment -> fetch function, headers section `'Authorization': `Bearer ${token}``. When I try to execute query on type for which I have set

Authentication required

I got

Insufficient Permissions

as response. Any ideas what am I doing wrong?

agartha

10/06/2017, 5:30 PM

Which Auth0 integration are you using? The built-in one, or the one using custom resolver functions? If the first, can you check the token algorithm on jwt.io. I'm pretty sure it will be RS256, which is not supported by the built-in Auth0 integration.

agartha

10/06/2017, 5:32 PM

If that's the case, then it depends on which Auth0 authentication mechanism you're using. If you're using email/password, you can't use the built-in Auth0 integration at Graphcool. Period. If you are using social authentication at Auth0 (like Facebook for example), you have to disable OIDC conformance in the Auth0 settings, set the algorithm to HS256, and make sure you don't set any audience claim for the token in the client.

panzupa

10/06/2017, 5:32 PM

the built one in GC

nilan

10/06/2017, 5:32 PM

to me it sounds the Auth0 user is not persisted in Graphcool, is that correct? the permission system only accepts tokens for users in Graphcool

panzupa

10/06/2017, 5:33 PM

Yes Nilan, I created a user manually in Auth0 (for testing). This user in not connected to any user in GraphCool.

nilan

10/06/2017, 5:33 PM

so, there's your problem 🙂

panzupa

10/06/2017, 5:34 PM

Can I manaully connect that auth0 user (via playground) to any exisiting user in GraphCool?

nilan

10/06/2017, 5:34 PM

it's more complicated with the built-in integration, and pretty straight forward with the resolver functions approach

panzupa

10/06/2017, 5:36 PM

@agartha In Auth0 console it's set to RS256

agartha

10/06/2017, 5:36 PM

Okay, then follow the steps in my reply to change the settings, because even with a user in Graphcool, the token will not be recognized with the default Auth0 settings

panzupa

10/06/2017, 5:37 PM

alright

panzupa

10/06/2017, 5:38 PM

I'm using Auth0 built in intergation by the way

panzupa

10/07/2017, 9:01 AM

@nilan so, the bottom line is that I need to have a GraphCool user (type

User

) assinged to Auth0 user to be able to fetch data that needs authentication, right?

panzupa

10/07/2017, 9:14 AM

I have created a user in GraphCool corresponding with a user in Auth0 by executing

Copy code

mutation createUser($token: String!){
  createUser(
    email: "<mailto:test@hireflow.net|test@hireflow.net>",
    authProvider: { auth0: { idToken: $token } }, 
    systemRole: USER
  ) {
    id
  }
}

panzupa

10/07/2017, 9:16 AM

I has been created with token from auth0 and I can see proper user id in auth0UserId field.

panzupa

10/07/2017, 9:16 AM

However I still get Insufficient Permissions

panzupa

10/07/2017, 9:34 AM

now it started working, with no particular reason (no code changes or configuration). that's strange

nilan

10/07/2017, 10:54 AM

difficult to remote debug in this case, but I expect your token was not set correctly, or the permissions weren't 😛

Open in Slack

Previous Next