Add custom headers to social token request [SDK-2080] #351
Conversation
Hey @lbalmaceda let me know if there’s a chance to merge that PR and what is required to do so. Thanks!
@cocojoe Hi Martin, as discussed a while ago, could you look into this PR please?
Apologies for missing this one. I might be able to take a look next week. I'm tracking this internally under
Hey @TLFilip, sorry for the time it took us to review this. We're currently working on the next major and making some improvements (this included). We hope to deliver that soon.
That said, I think it makes sense to have this in the current major before that new one is shipped. The PR looks good. I've left a change request to refactor a bit of the methods, especially given that most of the classes there are package private.
@@ -320,6 +327,14 @@ private void addPKCEParameters(Map<String, String> parameters, String redirectUr | |||
} | |||
} | |||
|
|||
private void addPKCEHeaders(@NonNull Map<String, String> httpHeaders) { |
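Review bot: addPKCEHeaders(@NonNull Map<String, String> httpHeaders) sits directly after addPKCEParameters and takes the same kind of Map<String, String> argument, but neither the signature nor a comment says whether httpHeaders is the caller's custom header map being read or a map this method fills in. Add a short Javadoc stating which. Since the PR is about headers sent on the token request, also document whether a caller-supplied entry can replace a header the SDK sets itself.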
I'd merge this method into addPKCEParameters. Please, make the createPKCE() method take the headers in addition to the redirectUri. That way they are passed in the construction of the PKCE instance. That would as well remove the setter (pkce.setHeaders)
Thanks for the changes @TLFilip
Changes
For security reasons we need an option to add custom headers for token request. Such a possibility exists for email/password authentication and refresh token. This PR enables it for social login by adding WebAuthProvider.Builder method withHeaders.
Testing
To test it inspect the network traffic and notice custom headers in token request when executing OAuth2 flow.
This change adds unit test coverage
This change adds integration test coverage
This change has been tested on the latest version of the platform/language or why not
Checklist
I have read the Auth0 general contribution guidelines
I have read the Auth0 Code of Conduct
All existing and new tests complete without errors