
Comments (7)

zxan1285 commented on June 9, 2024

Hi!
The error does look like an Auth0 API error. It seems the extension is getting all the files from the repo, but cannot authorize to the Auth0 API to update the records.
Did you change the auth0-github-deploy generic client in some way?
Could you please re-install the extension and see if that helps?

from auth0-deploy-extensions.

gex commented on June 9, 2024

hi @zxan1285 !

no we didn't make any changes in the extension itself, we installed it on the extensions tab a while ago. the only change we made recently is updating it from 2.6 to 2.8. i'm going to reinstall it and i'll let you know if it helps.

edit: it's not related to the upgrade, it happens on a tenant with 2.6 as well.


gex commented on June 9, 2024

so, we reinstalled the extension, updated the webhook with the new secret and created a pull request in the repository. after we merged it the webhook delivered it to the extension but the extension couldn't update the tenant. the error is the same:

{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid token",
  "attributes": {
    "error": "Invalid token"
  }
}

clicking on the re-deploy button in the row of failed deployment and clicking on the deploy button above the deployments were successful.


zxan1285 commented on June 9, 2024

Thanks for trying @gex
and sorry for the inconvenience.

I wasn't able to reproduce the exact error so far.
Would you mind answering a few questions that could help me investigate this?
Do you use auth0 cloud or PSaaS?
What's the region of the webtask (au, eu, us)?

Also, if you could check access_token for the extension's client, that would help a lot.
To get the access_token, you need to send a POST request to https://{your_domain}/oauth/token with payload

{
  "audience": "https://{your_domain}/api/v2/",
  "client_id": "auth0-github-deploy client_id",
  "client_secret": "auth0-github-deploy client_secret",
  "grant_type": "client_credentials"
}

then use that access_token to get something from API2:
GET https://{your_domain}/api/v2/clients with Authorization: Bearer {access_token} header.


gex commented on June 9, 2024

> Do you use auth0 cloud or PSaaS?

we use auth0 cloud, all 3 tenants are in the developer pro tier.

> What's the region of the webtask (au, eu, us)?

the 3 tenants are in the same region (US (Prod)) and the domains of the extension are *.us8.webtask.io so i guess it's us. but that's not something we could set or can change now.

> Also, if you could check access_token for the extension's client, that would help a lot.

the response of the /api/v2/clients request:

{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid token",
  "attributes": {
    "error": "Invalid token"
  }
}

so i checked the content of the token (redacted the sensitive parts):

{
  "https://<our_domain>/email": "<our_email_address>",
  "iss": "https://<tenant_name>.auth0.com/",
  "sub": "<auth0-github-deploy client_id>@clients",
  "aud": "https://<tenant_name>.auth0.com/api/v2/",
  "iat": 1559146050,
  "exp": 1559232450,
  "azp": "<auth0-github-deploy client_id>",
  "gty": "client-credentials"
}

and the first line (the email) reminded me that we created a hook because we're also using the authorization extension and to add permissions to machine to machine application tokens we cannot use rules.

is it possible that we broke the auth0-github-deploy by adding a custom hook?

the template for creating new hooks is like:

module.exports = function(client, scope, audience, context, cb) {
  var access_token = {};
  access_token.scope = scope;

  // Modify scopes or add extra claims
  // access_token['https://example.com/claim'] = 'bar';
  // access_token.scope.push('extra');

  cb(null, access_token);
};

so anything created before this hook is lost because we start with an empty access token.


zxan1285 commented on June 9, 2024

Yep, the scope is missing.
Adding

if (client.id === '<auth0-github-deploy client_id>') {
  return cb(null, { scope });
}

should fix the issue.


gex commented on June 9, 2024

thank you @zxan1285 it solved the issue!

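The failure and fix discussed in this thread, as an added example that is not part of the original comments or the extension's code: a hypothetical hook that returns a fresh object without `scope`, the same hook with the suggested early return, and a check on the decoded (unverified) token payload. The client id, claim name, scopes and the `issuePayload` stand-in for the token issuer are assumptions.

```javascript
// Added example: the client id, claim name and scopes are constructed placeholders.
const DEPLOY_CLIENT_ID = 'DEPLOY_CLIENT_ID_PLACEHOLDER';
const GRANTED = ['read:clients', 'update:clients'];

// Hypothetical hook with the defect: fresh object, granted scope never copied in.
function brokenHook(client, scope, audience, context, cb) {
  const access_token = {};
  access_token['https://example.com/email'] = 'ops@example.com';
  cb(null, access_token);
}

// Same hook with the early return suggested in the thread.
function fixedHook(client, scope, audience, context, cb) {
  if (client.id === DEPLOY_CLIENT_ID) {
    return cb(null, { scope });
  }
  const access_token = { scope };
  access_token['https://example.com/email'] = 'ops@example.com';
  cb(null, access_token);
}

// Stand-in for the token issuer (assumption): scope is taken from the hook result only.
function issuePayload(hook, client) {
  let payload;
  hook(client, GRANTED.slice(), 'https://tenant.example/api/v2/', {}, (err, token) => {
    if (err) throw err;
    payload = { sub: `${client.id}@clients`, ...token };
    if (Array.isArray(payload.scope)) payload.scope = payload.scope.join(' ');
  });
  return payload;
}

// Build an unsigned sample token, and decode a payload WITHOUT verifying the signature.
const toSegment = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const tokenFor = (hook) =>
  `${toSegment({ alg: 'none' })}.${toSegment(issuePayload(hook, { id: DEPLOY_CLIENT_ID }))}.`;
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Scopes the deploy client needs that the token's scope claim does not carry.
function missingScopes(jwt, needed) {
  const have = new Set((decodePayload(jwt).scope || '').split(' ').filter(Boolean));
  return needed.filter((s) => !have.has(s));
}

console.log(missingScopes(tokenFor(brokenHook), GRANTED), missingScopes(tokenFor(fixedHook), GRANTED));
```

Running `missingScopes` against a real access token for the deploy client shows whether a hook has stripped its scopes before the extension ever calls the Management API.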
