"Unauthorized" error when authenticating via Auth0

[jellybob]

My Phoenix application is failing in the auth callback because the only response I can get from Auth0's token endpoint is "Unauthorized". I can use the same client ID/secret in Ruby's OAuth2 library, so I'm pretty confident its not a configuration issue. I also see the same behaviour when I try using the underlying Elixir OAuth2 library from an Elixir console.

Is this something you've seen before? I'm pretty stumped at this point, but would love to be able to use this library.

[sntran]

Is there a way you can reproduce the issue with a small example? This library is very simple and just uses OAuth2, and I did not have any issue.

I would definitely love to work with you to trace the issue out.

[jellybob]

https://github.com/jellybob/traverse/tree/auth0-debugging/web is the code I'm working with. There's basically nothing there at the moment other than ueberauth, and enough Javascript to trigger the Auth0 dialog.

[sntran]

Would you mind double checking the following:

• Add localhost:4000 in Auth0 callback URLs and CORs setting?
• Enable database connection so I could try to login using different methods?

[jellybob]

Done - http://localhost:4000/auth/auth0/callback was already in the call back list, but I've added the root as well now. Nothing was in CORS.

[sntran]

My initial debug shows two things:

• scrogson/oauth2 v0.7 changed the API to make request with the token. I'll push a fix tomorrow to use the new API - It's late where I am currently staying.
• When I switched to my Auth0 config, login with Auth0 lock works in your application. You said you could use Ruby OAuth2 library with the same client_id/secret, so there may be some encoding issue when making requests. I'll give it more testing.

[sntran]

Hi @jellybob ,

I have pushed a patch to use the new oauth2 version. Please give it a try.

[jellybob]

Thanks, just updated and its working now :)