Error when using Auth0 JWT tokens for a request

Alejandro · July 17, 2020, 12:22am

Hi,

I'm using auth0 for authenticating with my API the problem is that when I try to connect to make the request:

error:"[{"extensions":{"path":"$","code":"invalid-jwt"},"message":"Could not verify JWT: JWSError (CompactDecodeError CompactDecodeError: Expected 3 parts; got 1)"}]"

On my resource setup I have chosen OAuth 2.0 as the authentication method and I fill the requested parameters, everything seems okay and when i test out with the button

"Test OAuth integration with your own account"

I'm sent to auth0 were I login correctly, then I'm redirected back to the resource and on the Access Token parameter now I have ---encrypted on server---

But when I sent a request to the resource I get the previous error.

Any ideas?

Is there a way to see what is the exact request that retool is using, supposedly it should be sending the Token in the Header Authorization: Bearer OAUTH2_TOKEN but I feel that OAUTH2_TOKEN is not being sent. Where can I see the current value for OAUTH2_TOKEN?

Thanks,
Alex

alex-w · July 17, 2020, 5:46pm

Hey Alejandro!

If you go into a Retool app and create a query to this resource (after having authenticated it), when you preview the query you’ll be able to expand the request --> headers field in the JSON.

If the token isn’t being passed in from the OAuth2 workflow, it will say a literal BEARER OAUTH2_TOKEN string

If it is passing in the token, that will say Bearer [some_real_token] instead. If that’s the case, then the token which is being returned from that OAuth workflow isn’t what this API is expecting to use for it’s authentication

Alejandro · July 17, 2020, 5:58pm

Can you help me out on how to do this? I haven’t found where can I do this.

Thanks!

alex-w · July 17, 2020, 6:02pm

This will be inside of the request metadata here inside the editor:

Since this is a JWT token, there’s also a chance that it’s not being returned as a standard key name and wouldn’t be picked up in the standard OAuth2.0 authentication workflow. If that’s the case, you might be able to get this working in a custom auth workflow that uses OAuth2.0 as a step

Alejandro · July 17, 2020, 6:08pm

My request is to a GraphQL resource, is there a way to see the request metadata in this kind of resouce? It appears that this is only available to (restapi) resources.

Thanks!

everett · July 22, 2020, 5:10pm

hey @Alejandro! You can see the request metadata for all of the available resources in Retool within that query preview window. Here’s what it looks like for a GraphQL query:

Are you looking for a specific key/value in the metadata (that you’re not seeing now)?

Alejandro · July 22, 2020, 5:27pm

I don’t see the metadata if there’s an error on the request:

What I’m trying to see are the headers of my request.

Thanks!

everett · July 22, 2020, 5:36pm

Ahhh, gotcha! You can view the request parameters via the DevTools network tab. You’ll want to look at the “preview” request details > under the Request tab > and then under “userparams”:

Alejandro · July 22, 2020, 5:44pm

Thanks for the quick reply!

I tried to debug the request and add it a custom header but still on userParams on the “headerParams” I didn’t see anything

Any ideas?