Auth0 (JwtAuthProvider) Integration with ROS


#1

Hello,

I have been trying to set up Auth0 authentication with the latest version of ROS to no avail. My team and I have been following all the documentation and forum posts available, but nothing seems to be working.

Currently we are testing with the iOS client. Auth0 users are being created and we are able to return an ID Token that correctly verifies on jwt.io. Once we try to authenticate with Realm, we run into the problem: “The provided credentials are invalid or the user does not exist” with a 401 code.

So my question is: has anyone been able to successfully authenticate with Auth0? If so, could you please share a code snippet of the server-side code that you use? If you happen to be using Swift and you have code for that as well, we would definitely appreciate it, as we’ve been running in circles for over a week.

Thanks!


#2

Can you share the server side logs when this error occurs?


#3

We are constantly running into this error:

{"type":"https://realm.io/docs/object-server/problems/invalid-credentials","title":"The provided credentials are invalid or the user does not exist.","status":401,"detail":"invalid signature","code":611}


#4

I did indeed, after help from @nirinchev :smiley: See my post.


#5

Looks like the signature of your JWT is invalid. Can you post your jwt configuration (sharing the public key is safe) as well as a sample JWT? My guess is you made a typo or used incorrect line breaks when pasting the public key (the validator is a bit whimsical).


#6

This is our auth-server.js file:

let auth0 = new JwtAuthProvider(
{
    publicKey: '-----BEGIN CERTIFICATE-----\nMIIBIjANBgk\n-----END CERTIFICATE-----'
});

server.start({
    //…
    authProviders: [ auth0 ]
});

And here is the entire public key:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA37GyCbFGxM9p1O4FTkfm
9jQP83a74Pk1ljmMND9J7DG2TrvDWyuAhqRrw4moCZk7GhmyH1Kr+EtHnMrQ8qrh
qA15hN9qs2H1xa0Rqf/RtJV5Mdf5FpH5Cv9n7cKuelt9H4ms0wFyt9YzCI1LZzEn
SYkJn00HOxhPUTlVBB2AHZOoNUYjc1EOH3V670zH3B1dbhbScTs6zeozPe7eIyCc
N7r8fqGcuLEw9RMJjsTnfyDsXaWwd33VjBlnXbCip/xe1fG+e/7xas/ebjIpXFFl
19AxZzSmtg7MtrYs6eWUFuuUbYvCM5RK47zZQrhFjt4udeptz3SiXSLnDKIzHhT2
9wIDAQAB
-----END PUBLIC KEY-----

We’ve tried a million different versions of this code (we actually based it off Chuck’s code from above). We’ve tried newlines at every 64 characters, no newlines, and the beginning and ends to no avail. This is our server_config.js:

const jwt = require('jsonwebtoken');
const fs = require('fs');
const key = fs.readFileSync('private.pem');

const payload = {
  userId: '123',
};

const token = jwt.sign(payload, { key: key, passphrase: 'redacted' }, { algorithm: 'RS256' });

The thing with this file is we don’t exactly understand when it’s run or what the userId field is. It’s very possible this is where our problem is coming from. This is an example of our JWT token, which validates on jwt.io just fine:

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik1rSTVSalZFTURneU1FVkRSVE5HTURVNFJFVkNPVEl5UWtKRU5EUkdNalV6TTBGR04wUTJRZyJ9.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.Z8lp4Zj_67hHae6HWPvTSNQM3rCIcZkfjXMQsNqDGVzBADQ1PJR-kpisiI7UOxMzEu_pCN1Ly2xw4jcz_b6ppSR-EoLSyGiBeE0ZlwZmZT9SvTlXk93BUtybbI7n-mRrcsZ6LJ4_8GhnxwWSWjOpnjbTeZNKF7_UEmIi3I1gQNI7BTfLsc2dSEZkVFUcXZ9cJft6Mdr7dZm3QUKH1VS3liqiooTJ4WbUd3xpQdHpFcw5Gpjzs1_DCPt3RqaRz85AFBobse3LPvmGssHB9rroIIzL7Pv84MgeIKuj070s04xSGeURXPON0YVHWsidv73gwVRwVr74Kry2xi_7jAv8og

It’s a lot but if you could help I’d definitely appreciate it.


#7

@nirinchev Do you know of any updates about this?


#8

Can you try using this as your public key:

-----BEGIN CERTIFICATE-----
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
-----END CERTIFICATE-----

This is what jwt.io converted your public key to when I tried verifying your jwt token there. When trying to authenticate against ROS setup with this public key, I got an error that the token has expired which leads me to believe that the signature was verified correctly.
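
An added example, not part of the thread and not Realm's or Auth0's code: a Node.js preflight check for the two key problems raised in posts #5 and #6, broken line breaks in the pasted PEM and a `CERTIFICATE` label wrapped around a `PUBLIC KEY` body, run before the key goes into the provider config. The function names, the generated key pair and the token are constructed for illustration, and only the signature is checked, not expiry or other claims.

```javascript
const crypto = require('crypto');

// Load a PEM string as pasted into a config file; report why it is unusable
// instead of surfacing later as a bare "invalid signature".
function loadVerificationKey(pem) {
  const text = pem.trim();
  const m = /^-----BEGIN ([A-Z ]+)-----\r?\n[A-Za-z0-9+\/=\r\n]+\r?\n-----END \1-----$/.exec(text);
  if (!m) return { ok: false, reason: 'malformed PEM: bad header/footer or line breaks' };
  try {
    // The body must be the structure the label announces (SPKI for PUBLIC KEY).
    return { ok: true, key: crypto.createPublicKey(text) };
  } catch (err) {
    return { ok: false, reason: `body is not a valid ${m[1]}` };
  }
}

// Check only the RS256 signature of a JWT (no expiry or other claim checks).
function verifyRs256(token, key) {
  const [h, p, s] = token.split('.');
  if (!h || !p || !s) return false;
  let header;
  try { header = JSON.parse(Buffer.from(h, 'base64url').toString()); } catch (err) { return false; }
  if (!header || header.alg !== 'RS256') return false; // pin the algorithm
  return crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
}

function preflight(pem, token) {
  const loaded = loadVerificationKey(pem);
  if (!loaded.ok) return loaded.reason;
  return verifyRs256(token, loaded.key) ? 'signature ok' : 'invalid signature';
}

// Constructed sample data: a throwaway RSA key pair and a token signed with it.
function buildSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const input = `${b64({ alg: 'RS256', typ: 'JWT' })}.${b64({ userId: '123' })}`;
  const sig = crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url');
  return { pem: publicKey.export({ type: 'spki', format: 'pem' }), token: `${input}.${sig}` };
}

const sample = buildSample();
const mislabelled = sample.pem.replace(/PUBLIC KEY/g, 'CERTIFICATE'); // wrong label
const escaped = sample.pem.trim().replace(/\n/g, '\\n'); // literal backslash-n text
console.log(preflight(sample.pem, sample.token));
console.log(preflight(mislabelled, sample.token));
console.log(preflight(escaped, sample.token));
```

Running the same check against the real key and a fresh ID token separates a key-format problem from a genuinely wrong key before the server is restarted.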