From 67edb02b1faf7dd6fd9d17b32525719c36afe4b6 Mon Sep 17 00:00:00 2001
From: Z User
Date: Fri, 27 Mar 2026 23:25:13 +0000
Subject: [PATCH] Fix Auth0 authentication: update auth routes with better logging and config handling

---
 .env.example | 43 +++++++++++++---------------
 src/routes/auth.js | 70 +++++++++++++++++++++++++++++++++++-----------
 2 files changed, 73 insertions(+), 40 deletions(-)

diff --git a/.env.example b/.env.example
index 7b7214b..2a4e447 100644
--- a/.env.example
+++ b/.env.example
@@ -1,32 +1,27 @@
-# Server Configuration
-PORT=9991
-NODE_ENV=development
-
-# App URL (your frontend URL)
-APP_URL=https://moxiegen.client.guacamolebox.net
-
-# CORS
-CORS_ORIGIN=https://moxiegen.client.guacamolebox.net
-
 # Auth0 Configuration
 AUTH0_DOMAIN=dev-t13zhs74oltgqtfx.us.auth0.com
-AUTH0_CLIENT_ID=your-client-id-here
+AUTH0_CLIENT_ID=AWRYU8EBnKaHvRQOMXXADxgGEoBN45oN
 AUTH0_CLIENT_SECRET=your-client-secret-here
 AUTH0_AUDIENCE=https://dev-t13zhs74oltgqtfx.us.auth0.com/api/v2/
 
-# Stripe Configuration (for future use)
-STRIPE_SECRET_KEY=sk_test_xxx
-STRIPE_WEBHOOK_SECRET=whsec_xxx
-STRIPE_PUBLISHABLE_KEY=pk_test_xxx
+# Application URL
+APP_URL=https://moxiegen.client.guacamolebox.net
 
-# PayPal Configuration (for future use)
-PAYPAL_CLIENT_ID=xxx
-PAYPAL_CLIENT_SECRET=xxx
-PAYPAL_WEBHOOK_ID=xxx
-PAYPAL_MODE=sandbox
+# Server Configuration
+PORT=9991
+NODE_ENV=production
 
-# JWT Secret (optional, for additional security)
-JWT_SECRET=your-super-secret-key-change-in-production
+# CORS Origin
+CORS_ORIGIN=https://moxiegen.client.guacamolebox.net
 
-# First Admin User (will be promoted to admin on first login if email matches)
-ADMIN_EMAIL=admin@example.com
+# JWT Secret for signing (optional, for additional security)
+JWT_SECRET=your-jwt-secret-change-this-in-production
+
+# Stripe (for future use)
+STRIPE_SECRET_KEY=
+STRIPE_WEBHOOK_SECRET=
+
+# PayPal (for future use)
+PAYPAL_CLIENT_ID=
+PAYPAL_CLIENT_SECRET=
+PAYPAL_WEBHOOK_ID=
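Review bot: `AUTH0_CLIENT_ID` in `.env.example` now carries a real-looking value where the template previously had `your-client-id-here`, and `NODE_ENV` defaults to `production`; a template is what every clone copies and commits, so it should stay placeholders. An Auth0 client ID is a public identifier rather than a secret, but live values in the template are the usual way the matching `AUTH0_CLIENT_SECRET` ends up committed next to them on the next edit, and a template that starts in production mode hides development diagnostics by default — keep `AUTH0_CLIENT_ID=your-client-id-here` and `NODE_ENV=development`, and record the deployed values outside the repository. The kept `AUTH0_AUDIENCE=https://dev-t13zhs74oltgqtfx.us.auth0.com/api/v2/` line is worth a comment too: with the new conditional audience in `src/routes/auth.js`, presumably an access token requested with that value is scoped to the Auth0 Management API rather than to this application's own API, so confirm that is the intended audience before the example is copied as-is.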
diff --git a/src/routes/auth.js b/src/routes/auth.js
index be36b50..899bc61 100644
--- a/src/routes/auth.js
+++ b/src/routes/auth.js
@@ -7,6 +7,7 @@ const router = express.Router();
 const AUTH0_DOMAIN = process.env.AUTH0_DOMAIN || 'dev-t13zhs74oltgqtfx.us.auth0.com';
 const AUTH0_CLIENT_ID = process.env.AUTH0_CLIENT_ID;
 const AUTH0_CLIENT_SECRET = process.env.AUTH0_CLIENT_SECRET;
+const AUTH0_AUDIENCE = process.env.AUTH0_AUDIENCE || '';
 
 /**
  * @route GET /api/auth/callback
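Review bot: The new `AUTH0_AUDIENCE` constant joins `AUTH0_CLIENT_ID` and `AUTH0_CLIENT_SECRET` without any startup validation, so a missing client secret is only discovered per request through the `'configured' : 'missing'` log lines the later hunks add, after a user has already been bounced through Auth0. A module-load check fails fast instead: `if (!AUTH0_CLIENT_ID || !AUTH0_CLIENT_SECRET) { throw new Error('AUTH0_CLIENT_ID and AUTH0_CLIENT_SECRET must be set'); }` placed right after these constants. Since the default is already `''`, the later guards can be simplified to `AUTH0_AUDIENCE.trim() !== ''`, and a one-line comment such as `// Empty string means no audience is sent in the token request` would document the intended meaning of the empty default.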
@@ -26,26 +27,44 @@ router.get('/callback', asyncHandler(async (req, res) => {
   }
 
   try {
+    // Build token request body
+    const tokenRequestBody = {
+      grant_type: 'authorization_code',
+      client_id: AUTH0_CLIENT_ID,
+      client_secret: AUTH0_CLIENT_SECRET,
+      code,
+      redirect_uri: `${process.env.APP_URL || 'https://moxiegen.client.guacamolebox.net'}/dashboard.html`
+    };
+
+    // Only add audience if configured
+    if (AUTH0_AUDIENCE && AUTH0_AUDIENCE.trim() !== '') {
+      tokenRequestBody.audience = AUTH0_AUDIENCE;
+    }
+
+    console.log('Token exchange request:', {
+      domain: AUTH0_DOMAIN,
+      client_id: AUTH0_CLIENT_ID ? 'configured' : 'missing',
+      client_secret: AUTH0_CLIENT_SECRET ? 'configured' : 'missing',
+      redirect_uri: tokenRequestBody.redirect_uri,
+      audience: tokenRequestBody.audience || 'not set'
+    });
+
     // Exchange code for tokens
     const tokenResponse = await fetch(`https://${AUTH0_DOMAIN}/oauth/token`, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({
-        grant_type: 'authorization_code',
-        client_id: AUTH0_CLIENT_ID,
-        client_secret: AUTH0_CLIENT_SECRET,
-        code,
-        redirect_uri: `${process.env.APP_URL || 'https://moxiegen.client.guacamolebox.net'}/dashboard.html`
-      })
+      body: JSON.stringify(tokenRequestBody)
     });
 
     const tokens = await tokenResponse.json();
 
     if (tokens.error) {
-      console.error('Token exchange error:', tokens.error);
+      console.error('Token exchange error:', tokens.error, tokens.error_description);
       throw new Error(tokens.error_description || tokens.error);
     }
 
+    console.log('Token exchange successful');
+
     // Redirect to frontend with tokens
     const frontendUrl = process.env.APP_URL || 'https://moxiegen.client.guacamolebox.net';
     res.redirect(`${frontendUrl}/dashboard.html?access_token=${tokens.access_token}&id_token=${tokens.id_token}&expires_in=${tokens.expires_in}`);
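Review bot: The response status is still never checked before `await tokenResponse.json()`, so a non-JSON 5xx or proxy error page from `/oauth/token` throws a bare parse error and the new `console.error` with `tokens.error_description` never runs, and a JSON body without `error` but also without tokens reaches the redirect as `access_token=undefined`. The same gap exists in the `POST /token` hunk below, and both hunks now build an identical `tokenRequestBody` with an identical audience guard, which is better kept in one module-level helper; the rewrite below shows the helper and the `ok`/`access_token` checks for this handler, with the logging and `fetch` left as the commit has them. `AUTH0_AUDIENCE` already defaults to `''`, so the `AUTH0_AUDIENCE &&` half of the guard is redundant. Separately, and not introduced by this commit, the final `res.redirect` hands `access_token` and `id_token` to the browser in the query string, where they land in browser history, proxy logs and `Referer` headers — a follow-up should move them to a fragment or a server-side session. The enclosing `router.get('/callback', ...)` handler starts before this hunk.
```javascript
// Shared by GET /callback and POST /token: the authorization_code request body,
// with `audience` included only when AUTH0_AUDIENCE is configured (non-blank).
function buildTokenRequestBody(code, redirectUri) {
  const body = {
    grant_type: 'authorization_code',
    client_id: AUTH0_CLIENT_ID,
    client_secret: AUTH0_CLIENT_SECRET,
    code,
    redirect_uri: redirectUri,
  };
  if (AUTH0_AUDIENCE.trim() !== '') {
    body.audience = AUTH0_AUDIENCE;
  }
  return body;
}

// … unchanged: router.get('/callback', …) head and the code/error guards …
    const tokenRequestBody = buildTokenRequestBody(
      code,
      `${process.env.APP_URL || 'https://moxiegen.client.guacamolebox.net'}/dashboard.html`
    );
    // … unchanged: 'Token exchange request:' log and the fetch call …

    // Parse defensively: Auth0 errors are JSON, but an upstream 5xx may not be.
    let tokens;
    try {
      tokens = await tokenResponse.json();
    } catch (err) {
      console.error('Token exchange returned a non-JSON body, HTTP', tokenResponse.status);
      throw new Error(`Token exchange failed with HTTP ${tokenResponse.status}`, { cause: err });
    }

    if (!tokenResponse.ok || tokens.error) {
      console.error('Token exchange error:', tokenResponse.status, tokens.error, tokens.error_description);
      throw new Error(tokens.error_description || tokens.error || `HTTP ${tokenResponse.status}`);
    }
    if (!tokens.access_token) {
      throw new Error('Token exchange response did not include an access_token');
    }
    // … unchanged: success log and redirect …
```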
@@ -69,24 +88,43 @@ router.post('/token', asyncHandler(async (req, res) => {
   }
 
   try {
+    // Build token request body
+    const tokenRequestBody = {
+      grant_type: 'authorization_code',
+      client_id: AUTH0_CLIENT_ID,
+      client_secret: AUTH0_CLIENT_SECRET,
+      code,
+      redirect_uri: redirect_uri || `${process.env.APP_URL || 'https://moxiegen.client.guacamolebox.net'}/dashboard.html`
+    };
+
+    // Only add audience if configured
+    if (AUTH0_AUDIENCE && AUTH0_AUDIENCE.trim() !== '') {
+      tokenRequestBody.audience = AUTH0_AUDIENCE;
+    }
+
+    console.log('POST Token exchange request:', {
+      domain: AUTH0_DOMAIN,
+      client_id: AUTH0_CLIENT_ID ? 'configured' : 'missing',
+      client_secret: AUTH0_CLIENT_SECRET ? 'configured' : 'missing',
+      redirect_uri: tokenRequestBody.redirect_uri,
+      audience: tokenRequestBody.audience || 'not set'
+    });
+
     const tokenResponse = await fetch(`https://${AUTH0_DOMAIN}/oauth/token`, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({
-        grant_type: 'authorization_code',
-        client_id: AUTH0_CLIENT_ID,
-        client_secret: AUTH0_CLIENT_SECRET,
-        code,
-        redirect_uri: redirect_uri || `${process.env.APP_URL || 'https://moxiegen.client.guacamolebox.net'}/dashboard.html`
-      })
+      body: JSON.stringify(tokenRequestBody)
     });
 
     const tokens = await tokenResponse.json();
 
     if (tokens.error) {
+      console.error('POST Token exchange error:', tokens.error, tokens.error_description);
       return res.status(400).json(ApiResponse(false, null, tokens.error_description || tokens.error));
     }
 
+    console.log('POST Token exchange successful');
+
     res.json(ApiResponse(true, {
       access_token: tokens.access_token,
       id_token: tokens.id_token,
@@ -132,7 +170,7 @@ router.get('/config', (req, res) => {
   res.json(ApiResponse(true, {
     domain: AUTH0_DOMAIN,
     clientId: AUTH0_CLIENT_ID,
-    audience: process.env.AUTH0_AUDIENCE || `https://${AUTH0_DOMAIN}/api/v2/`
+    audience: AUTH0_AUDIENCE || ''
   }));
 });
 
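Review bot: The new `redirect_uri: redirect_uri || …` line forwards a caller-supplied `redirect_uri` to Auth0 as-is; Auth0 is expected to reject a value that differs from the one used in the authorize request, so the exposure is bounded, but the server should still only forward values it recognises, and the `'POST Token exchange request:'` log then records only trusted values. A check before the body is built, e.g. `const appUrl = process.env.APP_URL || 'https://moxiegen.client.guacamolebox.net';` followed by `if (redirect_uri && !redirect_uri.startsWith(`${appUrl}/`)) return res.status(400).json(ApiResponse(false, null, 'Invalid redirect_uri'));`, keeps it to the application's own origin. The `tokenResponse.ok` gap and the duplicated body construction raised on the `GET /callback` hunk apply here unchanged. Where `redirect_uri` is destructured from `req.body` lies before this hunk, as does the rest of the `router.post('/token', …)` head.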
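Review bot: `audience: AUTH0_AUDIENCE || ''` is redundant, since `AUTH0_AUDIENCE` already defaults to `''` at module level, and the line silently changes what `/config` returns when the variable is unset — it used to be the Management API URL and is now an empty string. Presumably the frontend passes this value into its authorize request, so a comment documenting the contract is warranted: `// Empty when AUTH0_AUDIENCE is unset; the frontend must then omit audience from its authorize request` — and the frontend's handling of the empty string should be confirmed. The handler's `router.get('/config', …)` head is outside the hunk.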