we're trying to build a client-only app but are worried about requesting an access token using the client secret (which would have to be hardcoded within the client code)
is there another way around this?
i notice that during a normal client login (through the angular auth.signin), the response contains an "accessToken"
but it's not the same kind of access token (it's much shorter)
i'd like to obtain an access token that I can use to query against the Auth0 api (to obtain user information) from the client only
if possible
chrisronline has quit
bryan_integrity joined the channel
salimh joined the channel
bryan_integrity has quit
salimh
Hi guys, one of our customers is having trouble with both Sign Up and Log In, and it's unclear from auth0 dashboard if they are a registered user or not.
* Sign Up: Auth0 widget error says "The user already exists."
* Auth0 dashboard: indicates there is no such user.
* Password reset: According to logs in Auth0 dashboard, the user attempted a password reset but "User does not exist."
Sorry, I wasn't sure if there was something wrong with my client.
yenkel has quit
rolodato
no problem :)
yenkel joined the channel
adam8810
Anyway, I'm wondering if there's a way for me to send scopes to auth0 when logging in through Google Apps. I'm hoping to send scopes at login so the user object I get back after a successful login has the permissions from my database
I'm using the Angular auth.signin function and passing scope "openid users workorders" but it seems that only openid is sent
rolodato
so, you’ve stored these permissions in the Auth0 user’s profile?
adam8810
I have a rule that is grabbing the scopes from the context.request.query.scope object and passing those to my database but, like I said, I only get "openid"
rolodato
are you using Auth0’s database or your own database?
adam8810
My own
I'm making an api call which passes the user's email and the scopes and it responds with the ACL for those supplied scopes
really the question is: Is it possible to send scopes other than "openid" when logging in via google apps?
The auth0-angular documentation doesn't have any information about scopes so I'm wondering if I'm not using the signin function correctly
rolodato
yes, it should be possible
are you returning that metadata in your database login script?
as part of the user’s profile, that is
adam8810
I don't think I explained this very well... At this point I'm not using Auth0's database login. I'm using a "Sign in with Google" button which pops up for a google sign in.
rolodato
oh, sorry, I meant if you’re storing that metadata in the user’s profile after calling your DB in the rule
adam8810
So it appears that the scopes I'm passing are going directly to Google and Auth0's rule I have never receives those. Does that make sense?
rolodato
yes, I understand
could you PM me your Auth0 email? that way I can take a look at your setup
adam8810
That's the plan. But the rule never receives the additional scope params so the user.permissions is never populated correctly
sure
rolodato
thanks :)
taking a look now
adam8810 has quit
adam8810 joined the channel
adam8810: I’m looking at your rule, and it looks like you’re never saving “workorders” to the user’s profile
adam8810
The rule is never getting the workorder scope parameter. So it can't get the proper permissions to add.
from context.request.query.scope
workflow is: rule receives scope "workorder"; rule sends a request to my api with user email and "workorder" scope; api responds with permission: {workorder: {create:true, read:true, update:false, delete:false}}; rule sets the returned permission object to user.permissions and calls the callback(null, user, context);
rolodato
I see
rob_curtis joined the channel
I believe the problem is that, since you are not specifying “permissions” as part of your scopes, Auth0 won’t return it
adam8810
so it's the first step in the process that isn't working
rolodato
if you store something to the user’s profile and never request it with scopes, it won’t be returned
rob_curtis
Hi, is it possible to query users (stored on auth0) from inside a rule? So I have the logged in user but I need to query for related user on Auth0, is this possible?
rolodato
so if I’m understanding correctly, what this rule will do is call your API but return the same profile
rob_curtis
I suppose I could do it via our API...
but I kinda wanted to keep it all encapsulated on the rule.
rolodato
hi rob_curtis
rob_curtis
Hi Rolodato
rolodato
what kind of query do you want to do from inside the rule?
rob_curtis
We have adfs users, but we also want to provision username and password for those users (some legacy applications need u/p)
so to prevent the u/p users going "stale", I wanted to update them whenever an adfs user logs in
(that way, if they leave the company, they can't keep using our services)
However, as I type this, it sounds like I need to create an api endpoint on our end, which does an update of the "linked" user on Auth0.
adam8810
@rolodato I'm pretty sure that the rule is _only_ getting "openid" in the context.request.query.scope parameter.
rolodato
adam8810: that’s odd, could you try setting ‘openid profile’ as the scope as a test?
the returned token should contain a lot more claims in that case
by the way, are you using Google Apps enterprise or just regular Google login?
adam8810
Google Apps for Business
rolodato
so, rob_curtis
you can call an API from a rule by using request
rob_curtis
by "an API" do you mean an external api (i.e. our api?) or do you mean I can call Auth0 API directly?
rolodato
well, any API really :)
adam8810
rolodato: The reason I know that the rule is not receiving any other scope parameter is because I can see the request on my API side. So I'm outputting the scopes requested and it's only "openid"
rolodato
that’s odd, I’ll take a better look
rob_curtis: you can call Auth0’s API just like if you were calling it from anywhere else
rob_curtis
rolodato, that makes sense :) Will check docs to get better understanding.
thanks
rolodato
great, let me know if you need any more help :)
ozooner joined the channel
adam8810: by the way, what auth0-angular version are you using?
adam8810
latest
upgraded yesterday
3.0.4 I believe
yep
rolodato
ah, in that case you’ll need to send the scopes inside authParams