为啥 Auth0.js 在 Passwordless/Verify 上给我有效负载验证错误“没有满足有效模式”和“缺少必需的属性”？

Posted 2023-03-27

【中文标题】为啥 Auth0.js 在 Passwordless/Verify 上给我有效负载验证错误“没有满足有效模式”和“缺少必需的属性”？

【英文标题】：Why is Auth0.js giving me payload validation errors "None of the valid schemas were met" and "Missing required property" on Passwordless/Verify?为什么 Auth0.js 在 Passwordless/Verify 上给我有效负载验证错误“没有满足有效模式”和“缺少必需的属性”？

【发布时间】：2018-05-18 03:20:28

【问题描述】：

我的 SPA 客户端正在使用 Auth0.js 无密码启动/验证流程对用户进行身份验证。我的身份验证回调页面收到以下有效负载验证错误。我已在 Auth0 Dashboard 中验证了 SMS 连接的用户存在，并且 SPA 客户端已启用 SMS 连接。

错误：

https://localhost:9001/auth/callback#error=access_denied&error_description=
Payload%20validation%20error%253A%20'None%20of%20the%20valid%20schemas%20were%20met'
.%20Inner%20errors%253A%20%5B%20Payload%20validation%20error%253A%20'Missing%20required%20property%253A%20blocked'
.%20(also)%20Payload%20validation%20error%253A%20'Missing%20required%20property%253A%20email_verified'
.%20(also)%20Payload%20validation%20error%253A%20'Missing%20required%20property%253A%20email'
.%20(also)%20Payload%20validation%20error%253A%20'Missing%20required%20property%253A%20verify_email'
.%20(also)%20Payload%20validation%20error%253A%20'Missing%20required%20property%253A%20phone_number'
.%20(also)%20Payload%20validation%20error%253A%20'Missing%20required%20property%253A%20phone_verified'
.%20(also)%20Payload%20validation%20error%253A%20'Missing%20required%20property%253A%20verify_phone_number'
.%20(also)%20Payload%20validation%20error%253A%20'Missing%20required%20property%253A%20password'
.%20(also)%20Payload%20validation%20error%253A%20'Missing%20required%20property%253A%20verify_password'
.%20(also)%20Payload%20validation%20error%253A%20'Missing%20required%20property%253A%20user_metadata'
.%20(also)%20Payload%20validation%20error%253A%20'Missing%20required%20property%253A%20app_metadata'
.%20(also)%20Payload%20validation%20error%253A%20'Missing%20required%20property%253A%20username'
.%20(also)%20Payload%20validation%20error%253A%20'Missing%20required%20property%253A%20client_id'
.%20(also)%20Payload%20validation%20error%253A%20'Missing%20required%20property%253A%20groups'
.%20%5D.&state=statehash

Auth0 初始化：

this.auth0 = new auth0.WebAuth(
                audience: `https://$authSettings.domain/userinfo`,
                clientID: authSettings.checkoutClientId,
                domain: authSettings.domain,
                redirectUri: authSettings.checkoutCallbackUrl,
                responseType: 'token id_token',
                scope: 'openid email profile'
            );

无密码启动：

this.auth0.passwordlessStart(
        connection: 'sms',
        send: 'code',
        phoneNumber: phoneNumber,
        authParams: 
          responseType: 'token id_token',
          scope: 'openid email profile'
        
      

无密码验证：

this.auth0.passwordlessVerify(
          connection: 'sms',
          phoneNumber: phoneNumber,
          verificationCode: confirmationCode,
          type: 'sms',
          authParams: 
            responseType: 'token id_token',
            scope: 'openid email profile'
          
        

“缺少必需的参数”对于无密码/验证的调用甚至没有意义。

【参考方案1】：

原来错误实际上是在自定义 Auth0 规则中引发的，但只是通过 auth 回调出现。

具体来说，我们有一条名为 auth0.users.updateAppMetadata 和 auth0.users.updateUserMetadata 的规则，显然不适用于无密码 SMS 连接。