auth0 · adamjmcgrath · Mar 27, 2020 · Mar 25, 2020 · Mar 26, 2020 · Mar 26, 2020
@@ -34,6 +34,7 @@ Additional configuration keys that can be passed to `auth()` on initialization:
 - **`auth0Logout`** - Boolean value to enable Auth0's logout feature. Default is `false`.
 - **`authorizationParams`** - Object that describes the authorization server request. [See below](#authorization-params-key) for defaults and more details.
 - **`clockTolerance`** - Integer value for the system clock's tolerance (leeway) in seconds for ID token verification. Default is `60`.
+- **`enableTelemetry`** - Opt-in to sending the library and node version to your authorization server via the `Auth0-Client` header. Default is `true`.
 - **`errorOnRequiredAuth`** - Boolean value to throw a `Unauthorized 401` error instead of triggering the login process for routes that require authentication. Default is `false`.
 - **`getUser`** - Function that returns the profile for `req.openid.user`. This runs on each application page load for authenticated users. Default is [here](lib/hooks/getUser.js).
 - **`handleCallback`** - Function that runs on the callback route, after callback processing but before redirection. Default is [here](lib/hooks/handleCallback.js).

@@ -108,7 +108,7 @@ app.use(auth({
   // Setting this configuration key to false will turn off internal session handling.
   appSession: false,
   handleCallback: async function (req, res, next) {
-    // This will store the user identity claims in the session
+    // This will store the user identity claims in the session.
     req.session.userIdentity = req.openidTokens.claims();
     next();
   },

@@ -64,6 +64,12 @@ interface ConfigParams {
      */
     clockTolerance?: number;
 
+    /**
+     * Opt-in to sending the library and node version to your authorization server
+     * via the `Auth0-Client` header.
+     */
+    enableTelemetry?: boolean;
+
     /**
      * Throw a 401 error instead of triggering the login process for routes that require authentication.
      */

@@ -74,11 +74,13 @@ async function get(config) {
     // Allow configuration to override user agent header.
     {'User-Agent': `${pkg.name}/${pkg.version}`},
     httpOptions.headers || {},
-    // Do not allow overriding telemetry.
-    {'Auth0-Client': Buffer.from(JSON.stringify(telemetryHeader)).toString('base64')}
+    // Do not allow overriding telemetry, but allow it to be omitted.
+    config.enableTelemetry && {'Auth0-Client': Buffer.from(JSON.stringify(telemetryHeader)).toString('base64')}
   );
 
-  custom.setHttpOptionsDefaults(httpOptions);
+  client[custom.http_options] = function(options) {
+    return Object.assign({}, options, httpOptions);
+  };
 
   client[custom.clock_tolerance] = config.clockTolerance;
 

@@ -59,6 +59,7 @@ const paramsSchema = Joi.object({
     }
   ),
   clockTolerance: Joi.number().optional().default(60),
+  enableTelemetry: Joi.boolean().optional().default(true),
   errorOnRequiredAuth: Joi.boolean().optional().default(false),
   getLoginState: Joi.function().optional().default(() => getLoginState),
   getUser: Joi.function().optional().default(() => getUser),

@@ -90,6 +90,29 @@ describe('client initialization', function() {
     });
   });
 
+  describe('telemetry header', function() {
+    const config = getConfig({
+      appSession: {secret: '__test_session_secret__'},
+      clientID: '__test_client_id__',
+      clientSecret: '__test_client_secret__',
+      issuerBaseURL: 'https://test.auth0.com',
+      baseURL: 'https://example.org',
+      enableTelemetry: false
+    });
+
+    let client;
+    before(async function() {
+      client = await getClient(config);
+    });
+
+    it('should send the correct default headers', async function() {
+      const headers = await client.introspect('__test_token__', '__test_hint__');
+      const headerProps = Object.getOwnPropertyNames(headers);
+
+      assert.notInclude(headerProps, 'auth0-client');
+    });
+  });
+
   describe('idTokenAlg configuration is not overridden by discovery server', function() {
     const config = getConfig({
       appSession: {secret: '__test_session_secret__'},