Unknown iss claim in authorization token error with 8base auth

emroussel · July 21, 2020, 1:08am

I’m getting the following error when trying to fetch information about the logged in user after creating a new 8base authentication profile:

"Unknown iss claim in authorization token. Unable to find authentication profile with discovery endpoint https://8baseapp.auth0.com/."

Login works fine and I made sure that the idToken I get from the userLogin is correctly being passed in the authorization header. This same flow was working with the previous authentication profile I had, but it started breaking with the new one.

I thought the problem might be that the user was created with a different authentication profile, but I’m running into the same issue with newly created users. Am I missing something obvious? I can consistently reproduce on my project by doing this:

Create a new authentication profile
Create a new user under that profile using the userSignUpWithPassword mutation
Login with that user using userLogin
Pass the idToken from the login mutation to the authorization header and fetch that user’s info using the user query

sebastian.scholl · July 21, 2020, 5:37pm

Hey! what kind of authentication profile did you create?

emroussel · July 21, 2020, 5:50pm

The basic 8base one:

oldwyn · July 27, 2020, 2:15pm

@sebastian.scholl any follow-up on this one? I also found similar error when trying to add google login which integrated with firebase (difference only on the endpoint url).

I followed the steps from this one: https://github.com/8base/8base-firebase-auth-example/tree/master/client

sebastian.scholl · July 27, 2020, 7:55pm

This is odd… I’m getting it to work following the same steps.

Is the user being added to your workspace users table?
Can you share (without secrets!) the config for initializing the 8base Auth module in your client app?

oldwyn · July 28, 2020, 2:41am

oh, my bad. When I look again at the source code, turns out I use wrong id token when executing mutation. Sorry for the inconvenience.

emroussel · July 28, 2020, 2:01pm

I am still experiencing the issue with the steps I described above. I’m using the id token I get from the userLogin mutation and am able to decode it correctly on the frontend, but I get Unknown iss claim in authorization token. Unable to find authentication profile with discovery endpoint https://8baseapp.auth0.com/. when making requests to 8base with it.

It’s possible that I’m missing something, but I’m not really able to do any troubleshooting on my side. Authentication is also working fine when I connect my own Auth0 account, it’s just not working with the 8base one.

stevenwaller · August 8, 2020, 10:15pm

I’m running to the same error. I am using the 8base Authentication profile and can see the user in my workspace users table.

Here is how I am setting things up using Apollo 2 based on the docs

import React from 'react'
import ReactDOM from 'react-dom'
import Cookies from 'js-cookie'

import { ApolloProvider } from 'react-apollo'
import { ApolloClient } from 'apollo-client'
import { InMemoryCache } from 'apollo-cache-inmemory'
import { createHttpLink } from 'apollo-link-http'
import { setContext } from 'apollo-link-context'
import { onError } from 'apollo-link-error'
import { ApolloLink } from 'apollo-link'

import App from './App'

const httpLink = createHttpLink({
  uri: 'https://api.8base.com/###',
  credentials: 'same-origin'
})

const authLink = setContext((_, { headers }) => {
  const token = Cookies.get('idToken') // cookie was previously set by login form

  return {
    headers: {
      ...headers,
      authorization: token ? `Bearer ${token}` : ''
    }
  }
})

const client = new ApolloClient({
  link: ApolloLink.from([
    onError(({ graphQLErrors, networkError }) => {
      if (graphQLErrors) {
        graphQLErrors.forEach((graphQLError) => {
          console.log('[GraphQL error]', graphQLError)
        })
      }

      if (networkError) {
        console.log('[Network error]', networkError)
      }
    }),
    authLink.concat(httpLink)
  ]),
  cache: new InMemoryCache()
})

ReactDOM.render(
  <ApolloProvider client={client}>
    <App />
  </ApolloProvider>,
  document.getElementById('root')
)

oldwyn · August 9, 2020, 3:35am

I’m also running to the same error. I’m using firebase integration, which was working well before (like what I mentioned days ago), but then the error occurred since last Thursday, and haven’t been fixed until now. I’m using the same id token that works before.

stevenwaller · August 9, 2020, 9:57pm

I created a GitHub repo with a basic example that shows the error being thrown. The README has info on how to run it.

sebastian.scholl · August 10, 2020, 4:16pm

Hey guys!

We’re doing some work on our authentication currently. I’d highly recommend using your own Auth0 in the meantime.

That said, I ran through the steps this weekend of getting auth working and was able to do so successfully. Can you please share more about your configuration for handling auth? It looks like everyone is correctly setting the Authorization: Bearer <token>, however I’m not seeing anything on how the user is getting authenticated or the auth module being initialized.

Thanks!