Quickstart guide no longer valid #60

Open
4 tasks done
josh-bell-colab opened this issue Oct 22, 2023 · 3 comments

Comments

@josh-bell-colab

Checklist

  • I have looked into the Readme and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Description

Following this tutorial:
https://auth0.com/docs/quickstart/backend/golang#validate-access-tokens

validating custom claims is no longer working.
I can validate the jwt but cannot get custom claims.

Reproduction

Reproduce steps:

  1. Set up an Auth0 API as described here: https://auth0.com/docs/quickstart/backend/golang#create-an-api
  2. git clone [email protected]:auth0-samples/auth0-golang-api-samples.git
  3. create a .env file in the root of the cloned project with the api from above
  4. This token was grabbed from: https://manage.auth0.com/dashboard/us/dev-aelumhqjxjwyvowv/apis/65340d421cfbcc839d0af2ed/test
curl --request GET \
 --url http://localhost:3010/api/private-scoped \
 --header 'authorization: Bearer SOME_TOKEN'
  5. response {"message":"Insufficient scope."}

Additional context

There's even a section that lets you examine the jwt from the dashboard but says scopes

{
  "iss": "https://dev-aelumhqjxjwyvowv.us.auth0.com/",
  "sub": "ZXfvxk0RCZFjwJyRkCTGp5JJi1nFaf69@clients",
  "aud": "http://backend/",
  "iat": 1697985763,
  "exp": 1698072163,
  "azp": "ZXfvxk0RCZFjwJyRkCTGp5JJi1nFaf69",
  "gty": "client-credentials",
  "permissions": []
}
@josh-bell-colab
Author

I was able to get this example working, but updating the docs would help people in the future.

First you need to enable RBAC and Permission under API settings

Then you need to specifically enable the permissions under applications > machine user > apis
then select the permissions you want to send

Then they will finally show up

{
  "iss": "https://dev-aelumhqjxjwyvowv.us.auth0.com/",
  "sub": "ZXfvxk0RCZFjwJyRkCTGp5JJi1nFaf69@clients",
  "aud": "http://backend/",
  "iat": 1697988893,
  "exp": 1698075293,
  "azp": "ZXfvxk0RCZFjwJyRkCTGp5JJi1nFaf69",
  "scope": "user:read read:appointments",
  "gty": "client-credentials",
  "permissions": [
    "user:read",
    "read:appointments"
  ]
}
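
The difference between the two payloads above, as an added Go example that is not part of the original comments or of the sample repository: it checks a required permission against both the `scope` string and the `permissions` array, so the first token is rejected and the second accepted. The names `Claims`, `ParseClaims` and `Grants` are hypothetical, and the payload is assumed to have already passed signature, issuer, audience and expiry validation.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Claims holds the two authorization claims from the payloads in this thread.
// Hypothetical type for this example, not the sample repository's own.
type Claims struct {
	Scope       string   `json:"scope"`       // space-delimited; absent in the first token
	Permissions []string `json:"permissions"` // empty in the first token
}

// ParseClaims decodes a JWT payload that has ALREADY passed signature,
// issuer, audience and expiry validation (assumed; not done here).
func ParseClaims(payload string) (Claims, error) {
	var c Claims
	err := json.Unmarshal([]byte(payload), &c)
	return c, err
}

// Grants reports whether want appears in either claim. Entries are compared
// whole, so a prefix such as "read" never matches "read:appointments".
func (c Claims) Grants(want string) bool {
	for _, s := range append(strings.Fields(c.Scope), c.Permissions...) {
		if s == want {
			return true
		}
	}
	return false
}

// Trimmed copies of the two payloads posted above.
const (
	payloadBefore = `{"aud":"http://backend/","gty":"client-credentials","permissions":[]}`
	payloadAfter  = `{"aud":"http://backend/","scope":"user:read read:appointments",
		"gty":"client-credentials","permissions":["user:read","read:appointments"]}`
)

func main() {
	for _, p := range []string{payloadBefore, payloadAfter} {
		c, err := ParseClaims(p)
		fmt.Println(c.Grants("read:appointments"), err) // false <nil>, then true <nil>
	}
}
```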

@ewanharris
Contributor

Thanks for raising this @josh-bell-colab, had you created your API through the quickstart or were you using an existing one? I wonder if we can simplify the setup there

@josh-bell-colab
Author

Yeah I was following this quick start, which doesn't mention these steps:
https://auth0.com/docs/quickstart/backend/golang#create-an-api
