Title
c

cliff76

07/26/2018, 11:51 PM
I'm fighting this error:
The provided idToken is invalid. Please see <https://auth0.com/docs/tokens/id_token> 5 for how to obtain a valid idToken
b

brandon

07/26/2018, 11:54 PM
I don't know if you're using react and onComponentMount, but maybe the user isn't being set when you are creating the user before asking for the token.
do you have the code you can show us?
f

Fran Dios

07/27/2018, 2:15 AM
I have a boilerplate with Prisma, Auth0 and Vue. Even if you don’t use Vue it could be helpful: https://github.com/frandiox/vue-graphql-enterprise-boilerplate/blob/master/src/services/auth.js
👍 1
c

cliff76

07/27/2018, 4:18 PM
@Brandon Sure, here's the ctor and authProcess from my AuthService class:
constructor() {
        this.lock = new Auth0Lock(clientId, authDomain, {
            auth: {
                params: {
                    scope: 'openid email'
                },
                responseType: "id_token",
            },
        });

        this.showLock = this.showLock.bind(this);

        this.lock.on('authenticated', this.authProcess.bind(this));
        this.lock.on('authorization_error', this.authError.bind(this));
    }

    authProcess = (authResult) => {
        console.log(authResult);
        const { email, exp } = authResult.idTokenPayload;
        const idToken = authResult.idToken;
        this.signinUser({idToken, email,exp})
            .then(success => {
                    return success
                },
                    rejected =>  {
                this.createUser({idToken, email, exp})
             })
    };
I read that GraphQL doesn't support RS256/OIDC so I disabled OIDC and switched to HS256.
When I switch to HS256 I get this on sign ing in chrome dev tools:
{error: "invalid_token", description: "The id_token cannot be validated because it was signed with the HS256 algorithm and public clients (like a browser) can’t store secrets. Please read the associated doc for possible ways to fix this. Read more: <https://auth0.com/docs/errors/libraries/auth0-js/invalid-token#parsing-an-hs256-signed-id-token-without-an-access-token%22error|https://auth0.com/docs/errors/libraries/auth0-js/invalid-token#parsing-an-hs256-signed-id-token-without-an-access-token"error>: "invalid_token"}
oh wait, I think I made a little progress just now. I switched my responseType to
responseType: "token id_token"
and now login doesn't throw an error.
Instead I get an error on my mutation SigninUser:
Optimistic query for `createUser`
createRequestError.js:21 Uncaught Error: Server request for `mutation SigninUser` failed by the following reasons:

1. No user found with that information
     signinUser(input:$input_0) {
     ^^^
    at new RRNLRequestError (createRequestError.js:21)
    at createRequestError (createRequestError.js:92)
    at fetchWithMiddleware.js:53
I have these 2 methods for signing in and creating users:
createUser = (authFields) => {
        return new Promise((resolve, reject) => {
            Relay.Store.commitUpdate(
                new CreateUser({
                    email: authFields.email,
                    idToken: authFields.idToken
                }), {
                    onSuccess: (response) => {
                        this.signinUser(authFields);
                        resolve(response);
                    },
                    onFailure: (error) => {
                        console.log('Error while creating user:',error);
                        reject(error);
                    }
                }
            )
        });
    };

    signinUser = (authFields) => {
        return new Promise((resolve, reject) => {
            Relay.Store.commitUpdate(
                new SigninUser({
                    idToken: authFields.idToken
                }), {
                    onSuccess: (response) => {
                        this.setToken(authFields);
                        resolve(response);
                    },
                    onFailure: (error) => {
                        console.log('Error while signing in user:',error);
                        reject(error);
                    }
                }
            )
        });
    }
oh wait... I think this is the way the code is supposed to work. It throws an error then creates the user on the fly.
d

divyendu

07/27/2018, 4:42 PM
@cliff76: Can you please move this to a forum post? Or keep the messages inside this thread 🙂
Happy to help!
c

cliff76

07/27/2018, 4:43 PM
sounds good, thanks!
👍 1