Closed AThilenius closed 2 years ago
Hi @AThilenius - thanks for raising this
I can't see anything wrong with the code you've shared, or how you've configured your tenant.
Could you share a repo of this app and I'll try running it against my tenant to debug.
Alternatively, BadRequestError: access_denied (Unauthorized)
shows the code exchange is failing (which I can confirm from your logs). You could try stepping through where openid-client
makes the /oauth/token
request and inspecting the payload (around here https://github.com/panva/node-openid-client/blob/main/lib/client.js#L1336) - it should look like this: https://auth0.com/docs/get-started/authentication-and-authorization-flow/add-login-auth-code-flow#post-to-token-url-example
@adamjmcgrath You're a gentleman and a scholar! I couldn't for the life of me figure out how to attach a debugger to the node-openid-client
code π€¦ββοΈ so I made a minimalistic reproduction case instead: https://github.com/AThilenius/auth0-next-error-repro It's a throw-away tenant, so I committed secrets in there as well. I also detailed every step I took start to finish.
Again, thank you for the help!
Hi @AThilenius - thanks for sharing that
I was able to login to your tenant successfully (see log id 90020220427140957004924896824767482335548639821059588098
in thilenius-next-test-02@us
) using that repo.
It must be something local to your environment - are you able to try it on another machine? You could also try nuking your node_modules
/package_lock.json
and reinstalling
AUTH0_BASE_URL='http://localhost:3000'
Also, try using double quotes instead of single quotes in your env file. I'm not sure, but windows might be turning them into "'http://localhost:3000'"
Interesting. I'm at a bit of a loss here.
I tried on OSX (node 14/17) with the same results. Then I deployed it to Heroku and it worked just fine. https://nextjs-auth0-issue-repro.herokuapp.com/
Started testing combinatorics... I tried yarn build
and yarn start
to see if it was a dev-build issue. Nope. I tried ngrok
to see if https
would help, no joy. Finally I tired Win (WSL2, so Linux/Ubuntu) on my mac, which I never use and that worked just fine π€¦ββοΈ Back on my desktop I tried a different port, I tried binding 0.0.0.0
and using 127.0.0.1, I tried going to chrome://settings/siteData
on Chrome and nuking data, I tried every browser I have installed. I think there is something, somewhere, cached in all my browsers from Auth0 development over the last year that is causing this. But I can't for the life of me figure out what lol.
Edit:
Actually the fact that proxying with ngrok
was the same result disagrees with my hypothesis. That was a unique domain name as far as my browser knows.
Ha ha ha. As is always the case with these types of tickets, I now get to tell you the super embarrassing reason for the issue... I had a different AUTH0_CLIENT_SECRET
being set in my zshrc that I forgot about π€¦ββοΈ
I realized something with my env was screwed up when I launched it in Docker and it worked just fine.
Huge thank you for your time @adamjmcgrath, I super appreciate it.
No worries @AThilenius - thank you for sharing! π
π Hi all. I'm almost positive this is user error, but I'm driving myself a little crazy playing spot-the-mistake. Hoping someone can offer some guidance.
Description
I consistently get
BadRequestError: access_denied (Unauthorized)
for my localhost test/api/auth/callback
route, on a totally clean tenant with aStandard Web App
and minimal changes to the example in this repo. I've tried going through the other suggestions online to no effect. If anyone can spot the flaw in my repro case, I would be immensely grateful!Reproduction
http://localhost:3000/api/auth/callback
to the Allowed Callback URLshttp://localhost:3000/
to the Allowed Logout URLsexamples/basic-example
package.json
and replace the deps with:.env.local
node -e "console.log(crypto.randomBytes(32).toString('hex'))"
to populateAUTH0_SECRET
Domain
from app, prependhttps://
to it forAUTH0_ISSUER_BASE_URL
yarn && yarn dev
localhost:3000
and try to login. All goes well, it asks for third party verification because this is localhost, then the error.Environment
Node 14.18.2 Windows 11, WSL2 Ubuntu Chrome, Firefox and Edge.