kohli kohli - 2 months ago 14
Node.js Question

The Auth0 /userinfo endpoint returns an unauthorized error

The endpoint returns an unauthorized error even though I pass the bearer token from my Node.js application.

/**
 * Calls the Auth0 /userinfo endpoint on behalf of the caller and answers the
 * client with a success flag.
 *
 * NOTE(review): `res` is not declared in this function; presumably it is an
 * Express-style response object from an enclosing scope. Confirm against the caller.
 *
 * @param {string} authData - a string of the form "Bearer [token]".
 */
function getUser(authData){
// NOTE(review): this serializes the token as a form field ("authorization=...")
// which httpsRequest later writes as the request body. No Authorization header
// is ever set, so the endpoint sees a request without credentials.
var postData = querystring.stringify({ authorization: authData });

// There is no `headers` key here: the bearer token is absent from the request headers.
var options = {
host: 'pole.auth0.com',
method: 'GET',
path: '/userinfo'
};

//make request
httpsRequest(postData, options)
.then(function(result) {
// success
// NOTE(review): httpsRequest resolves for any HTTP status, so this branch also
// runs when the endpoint answers 401, and the client is then told the call
// succeeded. `result` (the response body) is never inspected.
res.status(201).send({ 'success': true });
}, function(err) {
// Reached only when the request or response stream emits 'error'; the cause
// held in `err` is dropped and a generic message is returned.
res.status(500).send({ 'success': false, 'reasonCode': "Internal error." });
});
};


Helper function:

/**
 * Promise wrapper around https.request.
 *
 * Writes `data` as the request body, accumulates the response body as a string
 * and resolves with it when the response ends. Rejects when the request or the
 * response stream emits 'error'.
 *
 * NOTE(review): res.statusCode is never read, so a 401 or 500 response resolves
 * exactly like a 200. Callers must not treat resolution as proof that the
 * token was accepted.
 *
 * @param {string} data - request body to send (a query-string in the one caller shown).
 * @param {object} options - passed unchanged to https.request.
 * @returns {Promise<string>} resolves with the response body.
 */
function httpsRequest (data, options) {
return new Promise(function (resolve, reject) {
var req = https.request(options, function (res) {
var result = '';
// NOTE(review): if `options.headers` carries an Authorization header, this
// line writes the bearer token to the log; redact the headers or drop the call.
console.log(options);
res.on('data', function (chunk) {
result += chunk;
});
res.on('end', function () {
// NOTE(review): logs the complete response body; for a successful /userinfo
// call that is the user's information.
console.log("https end result - " + result);
resolve(result);
});
res.on('error', function (err) {
reject(err);
})
});

// req error
req.on('error', function (err) {
reject(err);
});

//send request with the postData form
req.write(data);
req.end();
});
}


The `authData` parameter has a string value like `Bearer [token]`. I'm using `https.request` to make the API request.

Is there anything wrong with the code?

Answer

According to the /userinfo endpoint documentation you should be performing a GET HTTP request instead of a POST and additionally, you need to pass the access token in the Authorization header.


Update:

The problem is in how you're trying to pass the token in the authorization header.

You did not mention what you were using as the HTTP client, but here's some sample code using request-promise as the Node HTTP client; this works fine.

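// Fetches the user's profile from the Auth0 /userinfo endpoint with request-promise.
// NOTE: request and request-promise are deprecated upstream; prefer a maintained
// HTTP client for new code.
var rp = require('request-promise');

// [YOUR_TENANT] and [YOUR_ACCESS_TOKEN] are placeholders. Supply the real token
// at runtime (from the incoming request or a secret store) instead of
// committing it to source control.
var options = {
    uri: 'https://[YOUR_TENANT].auth0.com/userinfo',
    headers: {
        // The access token goes in the Authorization header, not in the
        // request body or the query string.
        'Authorization': 'Bearer [YOUR_ACCESS_TOKEN]'
    }
};

rp(options)
    .then(function (info) {
        console.log('User information:', info);
    })
    .catch(function (err) {
        // request-promise rejects on non-2xx responses as well as on transport
        // errors. Report only the status or message: the error object also
        // carries the request options, which include the Authorization header.
        console.error('userinfo request failed:', err.statusCode || err.message);
    });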

Update 2:

With Node.js built-in HTTP client:

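// Fetches the user's profile from the Auth0 /userinfo endpoint with the
// built-in https client.
const https = require('https');

// [YOUR_TENANT] and [YOUR_ACCESS_TOKEN] are placeholders. Supply the real token
// at runtime (from the incoming request or a secret store) and avoid logging
// `options`, since it contains the bearer token.
var options = {
    hostname: '[YOUR_TENANT].auth0.com',
    port: 443,
    path: '/userinfo',
    method: 'GET',
    headers: {
        // The access token goes in the Authorization header, not in the
        // request body or the query string.
        'Authorization': 'Bearer [YOUR_ACCESS_TOKEN]'
    }
};

var req = https.request(options, (res) => {
    var body = '';
    res.setEncoding('utf8');
    res.on('data', (d) => {
        body += d;
    });
    res.on('end', () => {
        // https.request does not fail on 4xx/5xx: check the status explicitly
        // so that a 401 is never mistaken for a valid profile.
        if (res.statusCode !== 200) {
            console.error(`userinfo request failed with status ${res.statusCode}`);
            return;
        }
        process.stdout.write(body);
    });
});

// Register the handler before the request is flushed so transport errors
// (DNS, TLS, connection reset) are always observed.
req.on('error', (e) => {
    console.error(e);
});

req.end();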

Again, the vital part is passing the token in the correct header.