Added support for AuthZeroClientConfig.audience #3869

Merged
merged 2 commits into from
Dec 24, 2024

amcclain
Member

@amcclain amcclain commented Dec 24, 2024

Hoist P/R Checklist

Pull request authors: Review and check off the below. Items that do not apply can also be
checked off to indicate they have been considered. If unclear if a step is relevant, please leave
unchecked and note in comments.

  • Caught up with develop branch as of last change.
  • Added CHANGELOG entry, or determined not required.
  • Reviewed for breaking changes, added breaking-change label + CHANGELOG if so.
  • Updated doc comments / prop-types, or determined not required.
  • Reviewed and tested on Mobile, or determined not required.
  • Created Toolbox branch / PR, or determined not required.

If your change is still a WIP, please use the "Create draft pull request" option in the split
button below to indicate it is not ready yet for a final review.

Pull request reviewers: when merging this P/R, please consider using a squash commit to
collapse multiple intermediate commits into a single commit representing the overall feature
change. This helps keep the commit log clean and easy to scan across releases. PRs containing a
single commit should be rebased when possible.

@amcclain
Member Author

To trigger pre-existing issue (without this change) on Toolbox -

  • Disable third-party cookies in your browser (Safari > Preferences > Privacy > tick "Prevent cross-site tracking")
  • Attempt to load Toolbox on localhost without this change - you should see a "login_required" error due to blocked use of iframe / cookies. Note this would affect any app attempting to use an access token while on localhost or while using an Auth0 domain that does not match the app's deployed domain

With this change in hoist-react, update Toolbox's client-creation code to spec audience: 'toolbox.xh.io' like so:
[Image: Screenshot 2024-12-23 at 4 08 52 PM]

Login should now proceed OK, with both ID and access tokens available. Note also only a single call to the Auth0 token endpoint now needs to be made by the client.

@amcclain
Member Author

Note that this change does not attempt to support a possible configuration where multiple access tokens are configured for different audiences. I believe to support that we would need more cases around need for interactive flows from user. Did not think that was a priority - not something we've seen yet.

@amcclain amcclain marked this pull request as ready for review December 24, 2024 17:15
@lbwexler lbwexler merged commit 77d6ea0 into develop Dec 24, 2024
2 checks passed
@lbwexler lbwexler deleted the auth0Audience branch December 24, 2024 17:19