Trying to pinpoint where some errors are coming fr...
# prisma-whats-newc
cartogram
03/21/2017, 8:34 AMTrying to pinpoint where some errors are coming from (auth0 or graph.cool), but it would be helpful to know if anyone our there has actually done this.
n
nilan
03/21/2017, 8:37 AM@cartogram hey our Auth0 integration currently only works with HS256 encoded tokens and not with RS256 ones
nilan
03/21/2017, 8:37 AMyou can change the settings of your Auth0 client to use the HS256 algorithm
c
cartogram
03/21/2017, 8:43 AMRight, I discovered that one already, do you know if the token contains more than just a scope of
openidcartogram
03/21/2017, 8:44 AMI am currently up against this error, https://github.com/auth0/auth0.js/issues/391, and wondering if it is the cause of a token error with Graph cool or if it is something else.
n
nilan
03/21/2017, 8:47 AMhmm I don't understand that one. can you describe what you want to do?
c
cartogram
03/21/2017, 8:49 AMI just want to login using a the response form the auth0-js library, not the lock.
cartogram
03/21/2017, 8:50 AMbut when i send the token response from the webAuth.login method, GC says the token is invalid.
n
nilan
03/21/2017, 8:50 AMhmm the issue describes another topic, how are the two related?
c
cartogram
03/21/2017, 8:51 AMIf I replace the token in local storage with one received from Lock, it works, so I am wondering what is invalid about the token received from auth-js
n
nilan
03/21/2017, 8:51 AMcould you verify the token manually on jwt.io?
nilan
03/21/2017, 8:52 AMI've seen issues where the obtained token is still RS256 under certain circumstances, even though the client setting is HS256
c
cartogram
03/21/2017, 8:52 AMThe issue i posted is describing the scope value in the auth0-js library not working. This is related because the scope impacts the size of the token and could possibly be why GC throws an error.
cartogram
03/21/2017, 8:53 AMYeah I got that one already, even with Lock, if you have HS256, it gives the same token invalid error.
cartogram
03/21/2017, 8:53 AMI can get a successful token via Lock, I am wondering why I can't with auth0-js
cartogram
03/21/2017, 8:54 AMI'll do a test with jwt.io
cartogram
03/21/2017, 8:58 AMOK got invalid signature
n
nilan
03/21/2017, 9:02 AMsoo do you use multiple clients?
c
cartogram
03/21/2017, 9:04 AMno, just a web app
cartogram
03/21/2017, 9:04 AMapollo
n
nilan
03/21/2017, 9:05 AMI mean multiple Auth0 clients
nilan
03/21/2017, 9:05 AMdid you double check that you are pasting the correct client secret to jwt.io?You can copy it from Your Auth0 client settings
c
cartogram
03/21/2017, 9:07 AMyeah
cartogram
03/21/2017, 9:07 AMThis is also related, https://auth0.com/forum/t/auth0-returning-jwt-token-rs256-token-instead-hs256/5408
cartogram
03/21/2017, 9:07 AMwhich would make sense with what you are saying, the token generated from auth0-js is coming up as RS256 on jwt.io
cartogram
03/21/2017, 9:19 AMhttps://auth0.com/forum/t/not-able-to-set-signing-algorithm-to-hs256/5432/4 basically, if its a brower-based application (mine is) use v7
cartogram
03/21/2017, 9:20 AMotherwise you will be stuck with RS256
n
nilan
03/21/2017, 9:20 AMright. Is that an option for you?
c
cartogram
03/21/2017, 9:22 AMYeah thats fine, I'm more familiar with v7 anyways, but before I refactor, What is the likely-hood of GC supporting RS256 in the future?
n
nilan
03/21/2017, 9:23 AMwe will support it pretty certainly, but it will take some time 🙂 I think switching now to v7 is justified
c
cartogram
03/21/2017, 9:23 AMAlright, thanks Nilan! Glad to have gotten to the bottom of it.
n
nilan
03/21/2017, 9:24 AM👍 glad to be of help
c
cartogram
03/22/2017, 6:58 AMHey @nilan just fyi, I'm using v7 of auth0-js, and it worked as expected. You may want to let any other poor souls know not to use v8 with graph.cool.
cartogram
03/22/2017, 6:59 AMalso new schema dashboard is 👌
n
nilan
03/22/2017, 7:53 AMawesome! 🙂