Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added support for custom issuer for ID Token validation [SDK-1909] #411

Merged
merged 10 commits into from
Aug 21, 2020
Merged

Added support for custom issuer for ID Token validation [SDK-1909] #411

merged 10 commits into from
Aug 21, 2020

Conversation

Widcket
Copy link
Contributor

@Widcket Widcket commented Aug 21, 2020
edited
Loading

Changes

New feature

This PR adds support for specifying a custom issuer for ID Token validation.

Auth0.webAuth()
    .issuer("https://example.com/")
    .start { result in
    // Handle result
}

Bugs fixed

In the course of testing this new feature, a couple of issues arised regarding the implementation of ID Token validation:

  • The validation was not being executed for ID Tokens received with the code exchange when there was no previous front-channel ID Token (case of responseType = [.code], which is the default value).
  • The signature validation was failing due to the DER encoding logic not adding a leading 0 to the RSA modulus. This is required to indicate that the number is not negative. Additionally, the test JWK generator logic was not removing the leading 0 when decoding a DER-encoded RSA public key.

Other changes

  • Linter warnings regarding the order of the getters and setters were fixed on _ObjectiveWebAuth.swift.
  • A compiler warning regarding a dangling pointer was fixed on ChallengeGeneratorSpec.swift.

Testing

  • This change adds unit test coverage
  • This change has been tested on the latest version of the platform/language or why not

Checklist

@Widcket Widcket added this to the vNext milestone Aug 21, 2020
@Widcket Widcket requested a review from a team August 21, 2020 03:36
@Widcket Widcket requested a review from lbalmaceda August 21, 2020 16:41
lbalmaceda
lbalmaceda suggested changes Aug 21, 2020
View reviewed changes
Auth0/WebAuthenticatable.swift Show resolved Hide resolved
Auth0/_ObjectiveWebAuth.swift Show resolved Hide resolved
Auth0Tests/Generators.swift Show resolved Hide resolved
@Widcket Widcket requested a review from lbalmaceda August 21, 2020 17:47
@Widcket Widcket merged commit f7e36f5 into master Aug 21, 2020
@Widcket Widcket deleted the feature/custom-issuer branch August 21, 2020 19:27
@Widcket Widcket mentioned this pull request Aug 21, 2020
Merged
@ScottPetit ScottPetit mentioned this pull request Feb 17, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lbalmaceda lbalmaceda lbalmaceda approved these changes

@stevehobbsdev stevehobbsdev stevehobbsdev approved these changes

Assignees
No one assigned
Labels
CH: Added
Projects
None yet
Milestone
1.28.0
Development

Successfully merging this pull request may close these issues.
3 participants
@Widcket @stevehobbsdev @lbalmaceda