Using Auth0 Passwordless Email Connection

Hi there,

Has anyone successfully managed to implement Auth0 Passwordless (via email) with 8base?

I’m struggling with how/when the user needs to be created and then linked to a new user entry in 8base.

Any input? Maybe @akinduko @sebastian.scholl

Thanks

So, after some more testing, I ended up finding the right flow (I think). (It still fails though… :/)

  1. Auth0 - Send a code by email (/passwordless/start)
  2. Auth0 - Authenticate the pair email/code (/oauth/token) and get an id_token
  3. 8base - Run “userSignUpWithToken” with appropriate idToken, authProviderId and user{email}

Here is my GraphQL mutation:

  mutation($authProfileId: ID!, $email: String!) {
    userSignUpWithToken(authProfileId: $authProfileId, user: { email: $email }) {
      id
    }
  }

Which I run as follows:

  await ctx.api.gqlRequest(
    USER_SIGN_UP_WITH_TOKEN,
    {
      authProfileId: process.env.AUTH_PROFILE_ID,
      email,
    },
    {
      // Tried both solutions seen in the doc
      // authorization: id_token,
      headers: {
        Authorization: `Bearer ${id_token}`,
      },
    }
  );

And it fails returning:

"Email in JWT token doesn't match email passed into mutation."

When clearly the JWT token contains the same email.

Then when testing through Postman manually for the same request, I end up getting a NotAuthorizedError returning:

"You don't have permission to perform this operation"

Any idea @sebastian.scholl on why it may fail? May role settings alter this process flow?
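
A pre-flight check for step 3 of the flow above, as an added example that is not part of the original post or the linked gist: it decodes the id_token payload and compares its email claim with the email about to be sent, so a genuine mismatch can be told apart from a failure elsewhere. The helper names (decodeClaims, prepareSignUp, makeSampleToken) are hypothetical and the sample token is constructed; the variables and header shape are the ones from the post.

```javascript
// Added example (not from the thread or the gist). Decodes the id_token payload
// WITHOUT verifying its signature: a local debugging aid only, since the token
// is still validated server-side when the mutation runs.
function decodeClaims(idToken) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('id_token is not a three-part JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Hypothetical helper: returns the arguments for ctx.api.gqlRequest, or throws
// with the reason the sign-up call would fail before it is ever sent.
function prepareSignUp(idToken, email, authProfileId, nowSec = Math.floor(Date.now() / 1000)) {
  const claims = decodeClaims(idToken);
  if (typeof claims.exp === 'number' && claims.exp <= nowSec) {
    throw new Error('id_token has expired');
  }
  if (typeof claims.email !== 'string') {
    // Auth0 only includes this claim when the "email" scope was requested.
    throw new Error('id_token has no email claim');
  }
  if (claims.email !== email) {
    const caseOnly = claims.email.toLowerCase() === String(email).trim().toLowerCase();
    throw new Error(caseOnly
      ? 'email differs from the token only by case or whitespace'
      : 'email does not match the token');
  }
  // Send the token's own email so the two values cannot drift apart.
  return {
    variables: { authProfileId, email: claims.email },
    options: { headers: { Authorization: `Bearer ${idToken}` } },
  };
}

// Constructed sample token (placeholder signature) so the example runs offline.
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.constructed-signature`;
}

const sample = makeSampleToken({ email: 'user@example.com', exp: 2000000000 });
console.log(prepareSignUp(sample, 'user@example.com', 'AUTH_PROFILE_ID_PLACEHOLDER', 1700000000));
```

If this check passes and the mutation still fails, the cause is more likely on the 8base side (roles, triggers) than in the token.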

Never mind, I had a trigger before Users.create which was creating relationships and I guess something.

I’ll come back here to give a clear “How-to Passwordless” someday soon.

Hey @gahabeen - I’ve actually been planning on working out a way to figure this out myself. Hopefully I’ll have something for you soon!

Hey @sebastian.scholl , I actually got it working smoothly.

I’ve set up two custom resolvers: userPasswordlessStart and userPasswordlessLogin.
While the first one simply sends the code/link via email/sms (via Auth0 api), the second accepts an email/code as inputs and does the following:

  • Signs the user in via Auth0 (automatically signup/login depending on whether the user already exists or not)
  • If the user already exists in db, simply return the token
  • If the user doesn’t exist in db, run signUpWithToken with { authProfileId, email } with { headers: { authorization: "Bearer <id_token>" } }.

That’s simply it.

Right on!

Would love to see more of your approach and work on a tutorial for the flow. Would you be open to sharing your resolvers? (without keys :wink:)

@sebastian.scholl
Sure, I’ve quickly put together a gist: https://gist.github.com/gahabeen/1f3271cdd428efd5c294dd185fe43cd6.

Keep me posted if you’ve got questions.


Going to write up a tutorial and give you a shout out!
