Add auth0-forwarded-for header to passwordless sms authentication for…

… rate limit purposes. (#530)
auth0 · Oct 22, 2021 · 2d56fe3 · 2d56fe3
1 parent 2c3468c
commit 2d56fe3
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 1 deletion.
diff --git a/src/Auth0.AuthenticationApi/AuthenticationApiClient.cs b/src/Auth0.AuthenticationApi/AuthenticationApiClient.cs
@@ -293,10 +293,14 @@ public Task<AccessTokenResponse> GetTokenAsync(PasswordlessSmsTokenRequest reque
                 { "audience", request.Audience },
                 { "scope", request.Scope } };
 
+            var headers = String.IsNullOrEmpty(request.ForwardedForIp) ? null
+                : new Dictionary<string, string> { { "auth0-forwarded-for", request.ForwardedForIp } };
+
             return connection.SendAsync<AccessTokenResponse>(
                 HttpMethod.Post,
                 tokenUri,
                 body,
+                headers,
                 cancellationToken: cancellationToken);
         }
 
@@ -371,10 +375,14 @@ public Task<PasswordlessSmsResponse> StartPasswordlessSmsFlowAsync(PasswordlessS
                 phone_number = request.PhoneNumber
             };
 
+            var headers = String.IsNullOrEmpty(request.ForwardedForIp) ? null
+                : new Dictionary<string, string> { { "auth0-forwarded-for", request.ForwardedForIp } };
+
             return connection.SendAsync<PasswordlessSmsResponse>(
                 HttpMethod.Post,
                 BuildUri("passwordless/start"),
                 body,
+                headers,
                 cancellationToken: cancellationToken);
         }
 

diff --git a/src/Auth0.AuthenticationApi/Models/PasswordlessSmsRequest.cs b/src/Auth0.AuthenticationApi/Models/PasswordlessSmsRequest.cs
@@ -24,5 +24,14 @@ public class PasswordlessSmsRequest
         /// </summary>
         [JsonProperty("phone_number")]
         public string PhoneNumber { get; set; }
+
+        /// <summary>
+        /// IP address of the end user this token is requested for for rate limit purposes.
+        /// </summary>
+        /// <remarks>
+        /// See https://auth0.com/docs/connections/passwordless/best-practices#link-accounts for more details.
+        /// </remarks>
+        [JsonIgnore]
+        public string ForwardedForIp { get; set; }
     }
 }
diff --git a/src/Auth0.AuthenticationApi/Models/PasswordlessSmsTokenRequest.cs b/src/Auth0.AuthenticationApi/Models/PasswordlessSmsTokenRequest.cs
@@ -11,6 +11,14 @@ public class PasswordlessSmsTokenRequest : PasswordlessTokenRequestBase
         /// Phonenumber used for the Passwordless flow
         /// </summary>
         public string PhoneNumber { get; set; }
-
+
+        /// <summary>
+        /// IP address of the end user this token is requested for for rate limit purposes.
+        /// </summary>
+        /// <remarks>
+        /// See https://auth0.com/docs/connections/passwordless/best-practices#link-accounts for more details.
+        /// </remarks>
+        public string ForwardedForIp { get; set; }
+
     }
 }