GPTS oAuth using auth0 to record work for relevant user with validation in custom API

I have this code in the API. I'm using Auth0 and can log in successfully, but I can't see any Authorization header on the request or any token in its body (I tried both options in the GPTs OAuth settings):


import { NextResponse } from 'next/server';
import jwt from 'jsonwebtoken';
import jwksClient from 'jwks-rsa';

// JWKS client that getKey() uses to look up the public key for a token's `kid`.
// `[my-app]` is the author's placeholder for the Auth0 tenant domain. The keys
// served from this URI decide which signatures are accepted, so it must be the
// tenant's own HTTPS endpoint and never a value taken from the request.
const client = jwksClient({
  jwksUri: 'https://[my-app]/.well-known/jwks.json',
});

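/**
 * Key-lookup callback for `jwt.verify`: asks the module-level JWKS `client`
 * for the signing key whose id matches the token header's `kid`.
 *
 * A failed lookup is handed to `callback` as an error so verification fails
 * closed. Without that guard a failed lookup leaves `key` undefined and the
 * property read below throws inside the callback instead of rejecting the token.
 *
 * @param {{ kid?: string }} header - Decoded JWT header.
 * @param {(err: Error | null, key?: string) => void} callback - Receives the
 *   public key on success, or the lookup error.
 */
function getKey(header, callback) {
  client.getSigningKey(header.kid, (err, key) => {
    if (err || !key) {
      callback(err ?? new Error('Signing key not found'));
      return;
    }
    callback(null, key.publicKey || key.rsaPublicKey);
  });
}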

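/**
 * Verifies the caller's JWT and answers with its decoded claims.
 *
 * The token is read from the `Authorization: Bearer <token>` header first and,
 * failing that, from a `token` field on an already-parsed body. Resolves to a
 * 401 response when no token is present or verification fails, and to a 200
 * response carrying the decoded payload otherwise.
 *
 * The request, its headers and the token are deliberately not logged: a bearer
 * token written to application logs can be replayed by anyone able to read
 * them for as long as it remains valid.
 *
 * @param {object} req - Incoming request; `headers` may be a Headers-like
 *   object exposing `get()` or a plain object keyed by lowercase header name.
 * @returns {Promise<NextResponse>} JSON response with status 200 or 401.
 */
export async function validate(req) {
  // `req.body` may be null or an unparsed stream, so it is read defensively.
  const token = readBearerToken(req?.headers) ?? req?.body?.token;

  if (!token) {
    return new NextResponse(JSON.stringify({ msg: 'No token, authorization denied' }), { status: 401 });
  }

  // NOTE(review): only the signature algorithm is pinned here. Also pass
  // `issuer` and `audience` in these options (your tenant URL and API
  // identifier) so a token minted for a different API is rejected.
  return new Promise((resolve) => {
    jwt.verify(token, getKey, { algorithms: ['RS256'] }, (err, decoded) => {
      if (err) {
        resolve(new NextResponse(JSON.stringify({ msg: 'Token is not valid' }), { status: 401 }));
        return;
      }
      resolve(new NextResponse(JSON.stringify(decoded), { status: 200 }));
    });
  });
}

/**
 * Extracts the credential from an `Authorization: Bearer <token>` header.
 *
 * @param {object | undefined} headers - Headers-like object or plain object.
 * @returns {string | undefined} The token, or undefined when the header is
 *   absent or does not use the Bearer scheme.
 */
function readBearerToken(headers) {
  if (!headers) {
    return undefined;
  }
  const raw = typeof headers.get === 'function'
    ? headers.get('authorization')
    : headers.authorization;
  if (typeof raw !== 'string') {
    return undefined;
  }
  const match = /^Bearer\s+(\S+)\s*$/i.exec(raw);
  return match ? match[1] : undefined;
}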

I want to allow users to log in and store their work, what am I doing wrong?

Update:

I’ve deleted my custom GPT and created a new one. To my surprise, the Authorization token appeared in the new GPT.

For anyone who may find this useful: Auth0 returns a token, which can be verified on the backend and then used to retrieve the user's information, something like this:


// JWKS client that getKey() uses to look up the public key for a token's `kid`.
// The host is the same Auth0 domain the /userinfo call below targets. The keys
// served from this URI decide which signatures are accepted, so keep it a
// fixed HTTPS value and never derive it from the request.
const client = jwksClient({
  jwksUri: 'https://auth.dailyhabit.pro/.well-known/jwks.json',
});

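/**
 * Key-lookup callback for `jwt.verify`: asks the module-level JWKS `client`
 * for the signing key whose id matches the token header's `kid`.
 *
 * A failed lookup is handed to `callback` as an error so verification fails
 * closed. Without that guard a failed lookup leaves `key` undefined and the
 * property read below throws inside the callback instead of rejecting the token.
 *
 * @param {{ kid?: string }} header - Decoded JWT header.
 * @param {(err: Error | null, key?: string) => void} callback - Receives the
 *   public key on success, or the lookup error.
 */
function getKey(header, callback) {
  client.getSigningKey(header.kid, (err, key) => {
    if (err || !key) {
      callback(err ?? new Error('Signing key not found'));
      return;
    }
    callback(null, key.publicKey || key.rsaPublicKey);
  });
}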

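  // Excerpt from inside a `new Promise((resolve) => { ... })` wrapper: `token`
  // and `resolve` come from the enclosing scope, which is not shown here.
  // Signature verification runs first, so /userinfo is only called for a token
  // that was signed by a key from the configured JWKS endpoint.
  // NOTE(review): also pass `issuer` and `audience` in the verify options so a
  // token minted for a different API is rejected.
  jwt.verify(token, getKey, { algorithms: ['RS256'] }, async (err, decoded) => {
    if (err) {
      resolve(new NextResponse(JSON.stringify({ msg: 'Token is not valid' }), { status: 401 }));
      return;
    }

    // This callback is async, so a rejected fetch or a non-JSON body would
    // otherwise become an unhandled rejection and `resolve` would never run,
    // leaving the request hanging.
    try {
      // Get the user information
      const response = await fetch('https://auth.dailyhabit.pro/userinfo', {
        headers: {
          Authorization: `Bearer ${token}`,
        },
      });
      if (!response.ok) {
        throw new Error(`userinfo responded with status ${response.status}`);
      }
      // As in the original, success resolves with the raw profile object
      // rather than a NextResponse.
      // NOTE(review): when storing a user's work, key it on the verified `sub`
      // claim in `decoded` rather than on editable profile fields.
      const userInfo = await response.json();
      resolve(userInfo);
    } catch (lookupError) {
      // Log the cause server-side only; the client gets a generic message.
      console.error('userinfo lookup failed:', lookupError.message);
      resolve(new NextResponse(JSON.stringify({ msg: 'Unable to load user information' }), { status: 502 }));
    }
  });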

Auth0 works

You can follow this code example to get an understanding of setting up GPT Auth
