Trouble getting the user object post login

dan

OK, so the user is able to login when you are logging them into the application directly, is that correct?

But you get a 401 whenever you are requesting a token.

Interesting.

Can you try to make a different call with the client object, just to make sure you are initializing it correctly?

client_response = client.retrieve_user_by_email('you@example.com')
if client_response.was_successful():
    print(client_response.success_response)
else:
    print(client_response.error_response)

Can you try adding this code just after you call client.exchange_o_auth_code_for_access_token?

if resp.was_successful():
    print("success")
    print(resp.success_response)
else:
    print("error")
    print(resp.error_response)

And let me know what you see when running your flask server.

nishant

@dan That is correct. Below is the output on flask server:

<Response [401]>
error
<Response [401]>
74.15.29.84 - - [24/Aug/2020 15:46:33] "GET /oauth-callback?code=q0AEmFiDNOjWiGlBa64Ea7MI2BlwotSh7AAcqqjWSt4&locale=en_US&userState=AuthenticatedNotRegistered HTTP/1.1" 200 -

dan

@nishant said in Trouble getting the user object post login:

&userState=AuthenticatedNotRegistered

There's the issue. Are you sure that you:

• registered the user to the application
• are passing the correct client id for the application

Because it seems like FusionAuth recognizes the user, but not that they are registered to the application.

Can you double check both of those? (I know you checked that the user was registered before, but can you double check?)

nishant

@dan Thanks for the response. I did double check my application code and there was a client id mismatch in one of the URIs in my application code. I fixed that. However I'm still getting 401. Below is the flask server output:

<Response [401]>
error
<Response [401]>
74.15.29.84 - - [25/Aug/2020 22:43:04] "GET /oauth-callback?code=9E2MtFiIkFTS1uRBDjNXIOwLDuefGNLMqreSo1gZL2A&locale=en_US&userState=Authenticated HTTP/1.1" 200 -```

As you can see the state has changed to Authenticated now.

dan

Hiya,

Thanks for your patience. I'm not quite sure what is going on.

Can you provide your code in a github repo or other place I can take a look at the whole project, please?

nishant

@dan No worries! Thanks for all your help! You can download the application zip file from here. As you'll notice, its a pretty simple app. Also I've replaced all the ip addresses and ids for security reasons so while the app won't run as is, you would still be able to get an idea of the functionality. Thanks again for your continued support! Hoping to resolve this soon!

nishant

@dan Hi Dan, just circling back. Did you have a chance to look into this? Thanks!

dan

OK, I did take a look.

The issue is that there was a recent change to the client library which switched the order of arguments.

This is the set of arguments that worked for me:

 resp = client.exchange_o_auth_code_for_access_token(request.args.get("code"), "http://localhost:5000/oauth-callback", client_id, client_secret)

But I asked the engineering team when they'd be releasing the newest version of the libs, which will change it to

 resp = client.exchange_o_auth_code_for_access_token(request.args.get("code"), client_id, "http://localhost:5000/oauth-callback", client_secret)

client_id and redirect_uri swapped places.

Once I did that, when I logged in, I saw:

success
{'access_token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRkMDYxMjY4YWMifQ.eyJhdWQiOiIzODU1ZGMyMC0yNzQ3LTQwYzEtYTUyMC1hODc3NzYxYmY5YjYiLCJleHAiOjE1OTg2Mzk2MTMsImlhdCI6MTU5ODYzNjAxMywiaXNzIjoiYWNtZS5jb20iLCJzdWIiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDQiLCJqdGkiOiIwYWYzNDlkMy04ZTQ5LTQ0ZDEtYmE5NS04NmM2N2I4NzAzODkiLCJhdXRoZW50aWNhdGlvblR5cGUiOiJQQVNTV09SRCIsImVtYWlsIjoiZGluZXNoQGZ1c2lvbmF1dGguaW8iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXBwbGljYXRpb25JZCI6IjM4NTVkYzIwLTI3NDctNDBjMS1hNTIwLWE4Nzc3NjFiZjliNiIsInJvbGVzIjpbXX0.RXdPUtk_vtRbNva__O8OBLFdUv8aZubewkXmK9Pnr2g', 'expires_in': 3599, 'token_type': 'Bearer', 'userId': '00000000-0000-0000-0000-000000000004'}

If you want to get further user info, you can use the userId to look stuff up via the APIs. You could also make a request to the Userinfo endpoint, but if you do so, you need to request the openid scope initially.

I also noticed that the API call was failing. Make sure you create your client with the API key, which is different than the client id:

client = FusionAuthClient('APIKEY', "http://localhost:9011")

Will let you know what I hear back, but until then you should look at https://github.com/FusionAuth/fusionauth-python-client/blob/1.18.0/src/main/python/fusionauth/fusionauth_client.py to see the proper order of args, because that is the published version.

dan

OK, we just released 1.18.8 and that is the version you want to use:

In requirements.txt:

fusionauth-client==1.18.8

And then this is the call you want to make (with client_id before redirect_uri) :

 resp = client.exchange_o_auth_code_for_access_token(request.args.get("code"), client_id, "http://localhost:5000/oauth-callback", client_secret)

nishant

Thanks Dan! It all works now.

ralph

Thanks all for this - I too fell into the trap. It looks like the docs I was following have the wrong signature for the exchange_o_auth_code_for_access_token function: https://fusionauth.io/blog/2020/07/14/django-and-oauth

It should of course read:

r = client.exchange_o_auth_code_for_access_token(
      code,
      settings.FUSION_AUTH_APP_ID,
      redirect_url,
      settings.FUSION_AUTH_CLIENT_SECRET,
    )

(incidentally, the docs use CLIENT_ID in this function call, but never actually try to set it - so it should be APP_ID as here)

dan

Thanks @ralph . I just updated the site ( https://github.com/FusionAuth/fusionauth-site/pull/247 ) and the fixes should go out in a day or so.

amine.hosni

@dan Thank you for your support. Fixing the signature just saved me another couple of hours (also coming from https://fusionauth.io/blog/2020/07/14/django-and-oauth/) ^^