AUTH-E0001

[dannycsz]

Anyone able to use the demo app code with their own staging app?

I'm able to run the demo app but when I switch to my own staging app client ID, it always response with AUTH-E0001 after the login.

[luiscvega]

Hi @dannycsz. This could be due to several factors. In order to help you, I'll need to know what your current setup is. Kindly see answer here to diagnose your issue:

#12 (comment)

Here are some questions:

1. Do you have a valid JWKS endpoint/object?
2. Are you generating your Auth URL correctly? Can you share an example of your URL?
3. What test persona are you using? This currently works: Username: T4!vY9@xL7$p Password: T4!vY9@xL7$p.
4. Is your redirect URL in your SDP settings exactly the same as the one when you generate your /auth URL? If you are using the demo-app settings, then you also need use the same redirect URL in your SDP as what the demo-app is using, which is: http://localhost:3080/callback.
5. What scopes are you using?
6. What browser are you using?

[dannycsz]

I believe I have a valid JWKS endpoint/object. I have tried generating from mkjwk.org, generating through my JWKS creation code, using the same exact JWKS object as per demo. All gives me the same error. I also tried putting the JWKS object on the dashboard as well as use a valid JWKS endpoint on a server. Both also give same error.

An example of the URL is as followed:
https://stg-id.singpass.gov.sg/auth?client_id=JZyxcuZhLag0WgzfeFXPjhw86G4aEqAS&scope=openid%20uinfin%20name&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3080%2Fcallback&code_challenge_method=S256&code_challenge=vjre_iyElzfcGcFYtncxGhovp8VXDnZCIwODQpmEqQY&nonce=72e5aa81-8497-4329-99ef-fc60aedba4fc&state=27348578769d8e9003b3b661db9aa4b9

3. I'm using S7790795E / T4!vY9@xL7$p

4. just openid uinfin name as per the demo app

5. I'm using Chrome, also tried with Safari and all return AUTH-E0001.

[dannycsz]

Any solution on this because I think quite a number of user also has this problem or is there anyone that has successfully run with their own staging client app?

[hariidavinci]

#21 (comment)

I was able to login after raising a ticket to their support center :D You can try the credentials i mention in my comment and see if it works for you too.

[hariidavinci]

If it's not working for you, id suggest to just create a ticket and they will enable it for you.
Just provide your full Authorization URL, jwsk url along with your clientId and mentioning about the AUTH-E0001 error.

[luiscvega]

Let's try to get a baseline. I've tested this below and I was able to get an authorization code in my redirect URL. Kindly follow the steps below to see if you are able to recreate it:

1. Clone the demo app to your local and run npm install in the node JS folder.
2. Edit the config file to use the following settings. Remember to replace your staging client ID with the client id below. Everything else should be the same. Note that I only really changed the SERVER_PORT, CLIENT_ID and REDIRECT_URI`, everything else is the same from the demo config:

{
    "SERVER_PORT": 8342,
    "CLIENT_ID": "<your-client-id>"
    "ISSUER_URL": "https://stg-id.singpass.gov.sg",
    "REDIRECT_URI": "http://localhost:8342/this-is-my-own-redirect",
    "SCOPES": "openid uinfin name",
    "KEYS": {
        "PRIVATE_SIG_KEY": {
          "alg": "ES256",
          "kty": "EC",
          "x": "tqG7PiAPD0xTBKdxDd4t8xAjJleP3Szw1CZiBjogmoc",
          "y": "256TjvubWV-x-C8lptl7eSbMa7pQUXH9LY1AIHUGINk",
          "crv": "P-256",
          "d": "PgL1UKVpvg_GeKdxV-oUEPIDhGBP2YYZLGiZ5HXDZDI",
          "kid": "my-sig-key"
        },
        "PRIVATE_ENC_KEY": {
          "alg": "ECDH-ES+A256KW",
          "kty": "EC",
          "x": "_TSrfW3arG1Ebc8pCyT-r5lAFvCh_rJvC5HD5-y8yvs",
          "y": "Sr2vpuU6gzdUiXddGnRJIroXCfdameaR1mgU49H5h9A",
          "crv": "P-256",
          "d": "AEabUwi3VjOOfiyoOtSGrqpl8cfhcUhNtj-xh1l-UYE",
          "kid": "my-enc-key"
        },
        "PUBLIC_SIG_KEY": {
          "alg": "ES256",
          "kty": "EC",
          "x": "tqG7PiAPD0xTBKdxDd4t8xAjJleP3Szw1CZiBjogmoc",
          "y": "256TjvubWV-x-C8lptl7eSbMa7pQUXH9LY1AIHUGINk",
          "crv": "P-256",
          "use": "sig",
          "kid": "my-sig-key"
        },
        "PUBLIC_ENC_KEY": {
          "alg": "ECDH-ES+A256KW",
          "kty": "EC",
          "x": "_TSrfW3arG1Ebc8pCyT-r5lAFvCh_rJvC5HD5-y8yvs",
          "y": "Sr2vpuU6gzdUiXddGnRJIroXCfdameaR1mgU49H5h9A",
          "crv": "P-256",
          "use": "enc",
          "kid": "my-enc-key"
        }
      }
}

3. Your app settings in staging in SDP should exactly be the same as in the following screenshot:

4. Run npm start to start the server at http://localhost:8342.

5. Go to http://localhost:8342 and use the following test persona: S7790795E / T4!vY9@xL7$p

6. You should be able to authenticate and see the following screen:

7. Click "I agree" and then you should be redirected back to your redirect_uri with the authorization code. Here is what I received:

http://localhost:8342/this-is-my-own-redirect?code=v2-YIOmIFWb8zX01Gg9tU-7vaynvhXlOaaoBYKOLf88&state=3af3f8e7d38c146bd910c1d3c969be2b

This should be a baseline that uses the demo app with minimal changes. Kindly report if you are able to do the same. if not, we will need to diagnose further.

[dannycsz]

I finally manage to have it work. What happen is my Authentication flow is QR by default, I update to 1FA and this finally works.