I am developing a react native mobile app using auth0 and graph.cool. I've configured the client credentials properly within graphcool. When I try to create a new user by calling the createUser mutation with the id_token received back from auth0 I keep getting GraphQL Error: The provided idToken is invalid. Please see https://auth0.com/docs/tokens/id_token for how to obtain a valid idToken.
I have also changed the JsonWebToken Signature Algorithm from RS256 to HS256 but that is not working either. I am using the id_token generated from the authentication API after logging in a user by using the /oauth/token endpoint. I would greatly appreciate any help on this topic. Thanks in advance.
Related
I cannot replicate the example regarding the authentication with JWT using graphql and provided in the tutorial https://www.howtographql.com/graphql-python/4-authentication/. The "me" query does always fails cause we get the value AnonymousUser from info.context.user instead of the authenticated user by the JWT token in the http header.
Did anyone face this problem before?
Many thanks in advance,
I am developing an iPhone application to demonstrate the MFA using sms factor with MFA APIs for POC. I am using the authorisation flow for getting my access token (where I get a authorisation code and redeem it for an access token)earlier to MFA implementation. From the documentation, I found out that I need an MFA_token to work with MFA APIs. I added few changes with my existing authorisation process.
I am getting an MFA Token by doing the following steps:
Added scope enroll read:authenticators to authorisation endpoint( i.e. “https://<my_domain>/authorize”)
Added an audience:
https://<my_domain>/mfa to the authorisation endpoint
Then I make a post request to token endpoint with authorization code to get the mfa_token.
The only changes I can observe is now the access token(which I presume to be the mfa_token) is in jwt format with expire time 600 sec. By using this access token(=mfa_token)
I built a custom pages for my user for enrollment and challenging the user via sms.
I am able to enroll user, confirm enrollment using this access token.
But when I challenge an user using this access token I get the following error after https://YOUR_DOMAIN/mfa/challenge call.
{
“error”: “invalid_grant”,
“error_description”: “Malformed mfa_token”
}
Can anyone please say me where I am going wrong?
Is the access token same as the MFA_Token in my case?
Thanks in Advance!
I think the access_token only serves as mfa_token during OOB/device registration. Thenafter, the user will get an mfa_token during auth, which is passed for MFA/OTP challenges
https://auth0.com/docs/login/mfa/ropg-mfa/manage-authenticator-factors-mfa-api#resource-owner-password-grant
I need to get access_token from Keycloak.
Currently, I am getting grant_type = client_credentials and client_id, client_secret;
But due to some system requirements, we need to use implicit flow. But I can't get the password so I can't get the token with grant_type = password.
I use react native and am using curl to get tokens.
Is there any solution that can help me? Please
I've just started with the oauth2 and xero (using .net)
I've run through the scoop install, following the docs, grant type of 'authorization_code', scope of 'd', which gave me the access and refresh tokens.
Now when running the example project, XeroNetStandardApp, after replacing client id, secret, callback uri and tokens, I'm getting a 401 when I try to do anything after retrieving the new token.
The token refresh appears to be working fine. If I call https://api.xero.com/connections with the bearer, I get [] (so, no elements in the response), so I assume this is some type of user auth error, but I'm at a bit of a loss as to what I do here.
Any help would be much appreciated
When setting up xoauth via powershell, explicitly set the scopes you are wanting the user to have. This seems obvious to me now, but didn't while I was following the setup instructions
I've been experimenting with Cognito for a few days, and I am now testing the Built-in signing UIs. I have managed to get it working, I am able to see the login page and successfully login with a User I have created. For my callback URL I'm using localhost:3000 as a testing ground, where I'm running a React SPA.
However, I am at a complete loss about what to do once I'm redirected. The documentation says I should get a URL with a JWT as a query parameter. Instead, I'm getting a URL of the form:
localhost:3000/?code=########-####-####-####-############
where # is an alphanumeric character. I don't recognize this code, I don't think it is a JWT. I would highly appreciated it anyone could:
explain what it is
direct me to any kind of documentation on how to use it?
After redirection, You are getting localhost:3000/?code=########-####-####-####-############
This means you have enabled code grant flow
This code is used to get the tokens from Amazon Cognito.
Request Type: POST
URL: https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/token
PayLoad:
grant_type=authorization_code&
client_id=<CLIENT_ID>&
code=<AUTHORIZATION_CODE>&
redirect_uri=com.myclientapp://myclient/redirect
Here you can see we are passing code in the payload with redirect url.
The response of this POST request will be your tokens ( If Successful authentication :) )
Sample Response:
{
"access_token":"eyJz9sdfsdfsdfsd",
"refresh_token":"dn43ud8uj32nk2je",
"id_token":"dmcxd329ujdmkemkd349r",
"token_type":"Bearer",
"expires_in":3600
}
You can save this token in your localstorage or sessionstorage for further custom authentication.
Please refer all the available endpoints of amazon cognito for more details.
Ex:
Authorization Endpoint
Token Endpoint
I hope now it makes clear to you!