Comments (7)
Hi!
The error does look like Auth0 API error. It seems, the extension is getting all the files from the repo, but cannot authorize to Auth0 API to update the records.
Did you change the auth0-github-deploy
generic client in some way?
Could you please re-install the extension and see if that helps?
from auth0-deploy-extensions.
hi @zxan1285 !
no we didn't make any changes in the extension itself, we installed it on the extensions tab a while ago. the only change we made recently is updating it from 2.6 to 2.8. i'm going to reinstall it and i'll let you know if it helps.
edit: it's not related to the upgrade, it happens on a tenant with 2.6 as well.
from auth0-deploy-extensions.
so, we reinstalled the the extension, updated the webhook with the new secret and created a pull request in the repository. after we merged it the webhook delivered it to the extension but the extension couldn't update the tenant. the error is the same:
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Invalid token",
"attributes": {
"error": "Invalid token"
}
}
clicking on the re-deploy button in the row of failed deployment and clicking on the deploy button above the deployments were successful.
from auth0-deploy-extensions.
Thanks for trying @gex
and sorry for the inconvenience.
I wasn't able to reproduce the exact error so far.
Would you mind answering a few question, that could help me to investigate this?
Do you use auth0 cloud or PSaaS?
What's the region of the webtask (au, eu, us)?
Also, if you could check access_token
for the extension's client, that would help alot.
To get the access_token
, you need to send POST request to https://{your_domain}/oauth/token
with payload
{
"audience": "https://{your_domain}/api/v2/",
"client_id": "auth0-github-deploy client_id",
"client_secret": "auth0-github-deploy client_secret",
"grant_type": "client_credentials"
}
then use that access_token
to get something from API2:
GET https://{your_domain}/api/v2/clients
with Authorization: Bearer {access_token}
header.
from auth0-deploy-extensions.
Do you use auth0 cloud or PSaaS?
we use auth0 cloud, all 3 tenants are in the developer pro tier.
What's the region of the webtask (au, eu, us)?
the 3 tenants are in the same region (US (Prod)
) and the domains of the extension are *.us8.webtask.io
so i guess it's us
. but that's not something we could set or can change now.
Also, if you could check
access_token
for the extension's client, that would help alot.
the response of the /api/v2/clients
request:
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Invalid token",
"attributes": {
"error": "Invalid token"
}
}
so i checked the content of the token (redacted the sensitive parts):
{
"https://<our_domain>/email": "<our_email_address>",
"iss": "https://<tenant_name>.auth0.com/",
"sub": "<auth0-github-deploy client_id>@clients",
"aud": "https://<tenant_name>.auth0.com/api/v2/",
"iat": 1559146050,
"exp": 1559232450,
"azp": "<auth0-github-deploy client_id>",
"gty": "client-credentials"
}
and the first line (the email) reminded me that we created a hook because we're also using the authorization extension and to add permissions to machine to machine application tokens we cannot use rules.
is it possible that we broke the auth0-github-deploy by addig a custom hook?
the template for creating new hooks is like:
module.exports = function(client, scope, audience, context, cb) {
var access_token = {};
access_token.scope = scope;
// Modify scopes or add extra claims
// access_token['https://example.com/claim'] = 'bar';
// access_token.scope.push('extra');
cb(null, access_token);
};
so anything created before this hook is lost because we start with an empty access token.
from auth0-deploy-extensions.
Yep, the scope
is missing.
Adding
if (client.id === <auth0-github-deploy client_id>) {
return cb(null, { scope });
}
should fix the issue.
from auth0-deploy-extensions.
thank you @zxan1285 it solved the issue!
from auth0-deploy-extensions.
Related Issues (20)
- Issue with bitbucket deployment extension HOT 2
- Recent changes to cipher functionality have broken deployments HOT 1
- Support for branding HOT 1
- Mappings not working on Email Provider credentials HOT 1
- Please update changelog HOT 1
- Github integration is using deprecated Github APIs HOT 5
- Changes to tenant.yaml don't trigger update HOT 1
- Support multi-part repository name for GitLab HOT 2
- BASE_DIR seems to not work HOT 1
- Incomplete deployments on Github Deploy HOT 2
- Feature request: support for MS Teams webhooks HOT 2
- Node 12 Migration: Misconfiguration Error HOT 3
- Feature Request: Sharing files between multiple tenants HOT 1
- [Feature Request] Use deploy keys for GitHub integration HOT 1
- Github link in extensions still leads to old, archived repo
- BitBucket Deployment Extension v3.5 Not Working HOT 1
- Missing GitHub Deploy (and all extensions) functionality to manage Anomaly Detection HOT 3
- Migrate to Management API v2 Endpoint Paginated Queries HOT 1
- webauthn guardian factor violates schema - Fails deployment HOT 1
- BUG: Incorrect parsing of GitLab repository URL on v3.7 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from auth0-deploy-extensions.