2

It's giving unauthorized as result error even when I pass the bearer token in Node.js application.

    function getUser(authData){
      var postData = querystring.stringify({ authorization: authData });

      var options = {
        host: 'pole.auth0.com',
        method: 'GET',
        path: '/userinfo'
      };

      //make request
      httpsRequest(postData, options)
        .then(function(result) {
          // success
          res.status(201).send({ 'success': true });
        }, function(err) {
          res.status(500).send({ 'success': false, 'reasonCode': "Internal error." });
        });
    };

Helper function:

function httpsRequest (data, options) {
    return new Promise(function (resolve, reject) {
        var req = https.request(options, function (res) {
            var result = '';
            console.log(options);
            res.on('data', function (chunk) {
                result += chunk;
            });
            res.on('end', function () {
                console.log("https end result - " + result);
                resolve(result);
            });
            res.on('error', function (err) {
                reject(err);
            })
        });

        // req error
        req.on('error', function (err) {
            reject(err);
        });

        //send request witht the postData form
        req.write(data);
        req.end();
    });
}

The authData parameter has a string value like Bearer [token]. I'm using https.request to make the api request

Is there anything wrong on the code?

João Angelo
  • 56,552
  • 12
  • 145
  • 147
Kokulan
  • 1,316
  • 3
  • 19
  • 35

1 Answers1

4

According to the /userinfo endpoint documentation you should be performing a GET HTTP request instead of a POST and additionally, you need to pass the access token in the Authorization header.

Update:

The problem is in how you're trying to pass the token in the authorization header.

You did not mentioned what you were using as HTTP client, but here's some sample code using request-promise as the Node HTTP client; this works fine.

var rp = require('request-promise');

var options = {
    uri: 'https://[YOUR_TENANT].auth0.com/userinfo',
    headers: {
        'Authorization': 'Bearer [YOUR_ACCESS_TOKEN]'
    }
};

rp(options)
    .then(function (info) {
        console.log('User information:', info);
    })
    .catch(function (err) {
        // API call failed... 
    });

Update 2:

With Node.js built-in HTTP client:

const https = require('https');

var options = {
    hostname: '[YOUR_TENANT].auth0.com',
    port: 443,
    path: '/userinfo',
    method: 'GET',
    headers: {
        'Authorization': 'Bearer [YOUR_ACCESS_TOKEN]'
    }
};

var req = https.request(options, (res) => {
    res.on('data', (d) => {
        process.stdout.write(d);
    });
});
req.end();

req.on('error', (e) => {
    console.error(e);
});

Again, the vital part is on how to pass the token in the correct header.

João Angelo
  • 56,552
  • 12
  • 145
  • 147
  • I tried using GET HTTP request and passed the authorization header as well still same error – Kokulan Oct 04 '16 at 10:07
  • Update your question with the exact code (except any sensitive data) you're using to perform the `GET` request. – João Angelo Oct 04 '16 at 10:25
  • Answer updated, you need to correctly pass the token as an authorization header. – João Angelo Oct 04 '16 at 10:45
  • I'm using `var https = require('https'); var querystring = require('querystring');` as the node.js client. and i have updated the question code as well – Kokulan Oct 04 '16 at 10:50