# Advanced Auth0 Debugging Guide
You've hit a `401 Unauthorized` error that's resisting all the usual fixes. This guide will walk you through the advanced debugging steps to solve it.
## Step 1: Check the Auth0 Logs for Clues
This is the most important step. Auth0 logs every authentication attempt, and the error messages there are usually very specific.
1. **Go to your [Auth0 Dashboard](https://manage.auth0.com/).**
2. In the left sidebar, go to **Monitoring -> Logs**.
3. **Run the `tests/test_user_identity.py` script again** to generate a fresh log entry.
4. Look for a **"Failed Login"** or **"Failed Exchange"** log entry at the top of the list.
5. Click on it to expand the details.
6. Look for a **"reason"** or **"error_description"** field. This will often tell you exactly what's wrong.

Common error messages to look for:
* `"invalid_grant"`: The token is invalid or expired.
* `"invalid_scope"`: The requested scopes are not allowed.
* `"unauthorized_client"`: The application is not authorized.
* `"access_denied"`: The user did not consent.
## Step 2: Use the "Try" Button in Your API Settings
Auth0 has a built-in tool for testing your API directly. This is a great way to confirm that your API is configured correctly.
1. Go to **Applications -> APIs** in your Auth0 dashboard.
2. Click on your API (`https://madnessinteractive.cc/api`).
3. Go to the **"Test"** tab.
4. You'll see a section that allows you to get a token for your API. Click the **"Copy Token"** button.
5. Now, you can use this token to manually test the `/userinfo` endpoint:
```bash
curl -H "Authorization: Bearer <PASTE_THE_TOKEN_HERE>" https://YOUR_AUTH0_DOMAIN/userinfo
```
If this works, then the issue is with the token being generated by your `auth_flow.py` script. If it fails, then the issue is with your API configuration in Auth0.
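
To see why a token from `auth_flow.py` is rejected, decode its claims and compare them with your configuration. This is an added example, not code from the original guide or the project; the tenant name `example-tenant.us.auth0.com`, the function names, and the sample token are assumptions constructed for illustration. The signature is not verified, so use it for diagnosis only, never as an authorization check.

```python
import base64
import json
import time


def decode_claims(token):
    """Return the JWT payload as a dict WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT (opaque or encrypted token?)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose_token(token, domain, audience, now=None):
    """List the claim mismatches that commonly sit behind a 401."""
    now = time.time() if now is None else now
    try:
        claims = decode_claims(token)
    except ValueError as exc:  # also covers bad base64 and bad JSON
        return [f"cannot decode token: {exc}"]
    problems = []
    if claims.get("iss") != f"https://{domain}/":
        problems.append(f"iss is {claims.get('iss')!r}, expected 'https://{domain}/'")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # aud may be a string or a list
    if audience not in aud:
        problems.append(f"aud {aud} does not contain {audience!r}")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    if "openid" not in claims.get("scope", "").split():
        problems.append("scope lacks 'openid', which /userinfo requires")
    return problems


def make_sample(claims):
    """Build an unsigned, constructed JWT-shaped string for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed sample: wrong audience and no scopes; tenant name is a placeholder.
    sample = make_sample({"iss": "https://example-tenant.us.auth0.com/",
                          "aud": "https://madnessinteractive.cc/api/v2", "exp": 1})
    for problem in diagnose_token(sample, "example-tenant.us.auth0.com",
                                  "https://madnessinteractive.cc/api"):
        print("-", problem)
```

Pass the real token together with your Auth0 domain and `AUTH0_AUDIENCE` value; an empty list means the claims line up and the cause lies elsewhere, such as the signature or the API settings.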
## Step 3: Check the "Permissions" Tab of Your API
If you have RBAC enabled, you need to explicitly grant permissions for the scopes you're requesting.
1. Go to **Applications -> APIs** in your Auth0 dashboard.
2. Click on your API.
3. Go to the **"Permissions"** tab.
4. Make sure you have permissions defined for `openid`, `profile`, and `email`. If not, add them.
## Step 4: The Nuclear Option - Create a New API
Sometimes, an API configuration can get into a strange state. If all else fails, create a new API and see if that resolves the issue.
1. Go to **Applications -> APIs** and click **"Create API"**.
2. Give it a new name (e.g., "Omnispindle API").
3. Set the identifier to `https://madnessinteractive.cc/api/v2` (or something new).
4. **Update the `AUTH0_AUDIENCE`** in your environment to match the new identifier.
5. Run the test again.

I'm confident that by following these steps, you'll be able to find the root cause of this `401` error. The Auth0 logs are your best friend here. Good luck!