Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

api_identifier passed as audience to login link generator #233

Closed
Tamrael opened this issue Oct 29, 2021 · 2 comments
Closed

api_identifier passed as audience to login link generator #233

Tamrael opened this issue Oct 29, 2021 · 2 comments
Assignees
@evansims

Comments

@Tamrael
Copy link
Contributor

Tamrael commented Oct 29, 2021

SDK Version

6.5

PHP Version

PHP 7.4

Composer Version

2.x

What happened?

after pulling in 6.4.1 we run into "Service not found" with the a call like this

app('auth0')->login();

resulting in the audience in the login link being set to the client id of the app instead of not being set.

the new config has api_identifier commented out but because we use a SPA and a "normal" backend we need to be able to decode the SPA's JWT with the api_identifier set

laravel-auth0/src/Auth0/Login/Auth0Service.php

Line 275 in 6436962

$apiIdentifier = $this->auth0Config['api_identifier'];

How can we reproduce this issue?

Upgrade auth0/login to > 6.4.0
set api_identifier to client_id

Get SPA JWT token with
const webAuth = new auth0.WebAuth({ domain: process.env.VUE_APP_AUTH0_DOMAIN, redirectUri: '/callback', clientID: process.env.VUE_APP_AUTH0_CLIENT_ID, responseType: "id_token", scope: "openid profile email" });

decode JWT token from SPA successfully on backend.
try to login the backend to it's own auth0 session with
app('auth0')->login();

get "Service not found $client_id" as response

remove api_identifier from config
try to decode JWT token from SPA on backend.
get "Undefined index: api_identifier" from

laravel-auth0/src/Auth0/Login/Auth0Service.php

Line 275 in 6436962

$apiIdentifier = $this->auth0Config['api_identifier'];

Additional context

No response
@Tamrael Tamrael added the triage label Oct 29, 2021
@Tamrael Tamrael mentioned this issue Oct 29, 2021
Closed
@evansims evansims self-assigned this Oct 31, 2021
@evansims
Copy link
Member

Hi @Tamrael 👋 Thanks, give me a bit to investigate this and get back to you.

@evansims
Copy link
Member

Hi @Tamrael 👋 After review, I sympathize with this change being problematic with your use case. Unfortunately, modifying this behavior is not something we'll be able to pursue at this point, as it is now well established. For your particular circumstances, you may need to write custom handling code against the underlying PHP SDK to adapt this to your needs.

You might also consider trying out the new V8 beta release; I'd love your feedback on if this new release would adequately cover your situation.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 25, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@evansims evansims

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@evansims @Tamrael