Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make some Credentials properties non-optional [SDK-2900] #533

Merged
merged 3 commits into from
Nov 5, 2021
Merged

Make some Credentials properties non-optional [SDK-2900] #533

merged 3 commits into from
Nov 5, 2021

Conversation

Widcket
Copy link
Contributor

@Widcket Widcket commented Nov 4, 2021
edited
Loading

Changes

⚠️ THIS PR CONTAINS BREAKING CHANGES

The following properties of the Credentials class were made non-optional, using the empty string ("”) as the default value in the initializer:

  • accessToken
  • tokenType
  • expiresIn
  • idToken

scope, refreshToken, and recoveryCode remain optional.

Consequently, the ID Token presence check was removed from the ID Token validation logic.

References

The migration guide was updated on #534

Testing

  • This change adds unit test coverage
  • This change has been tested on the latest version of the platform/language or why not

Checklist

@Widcket Widcket requested a review from a team as a code owner November 4, 2021 01:54
@Widcket Widcket marked this pull request as draft November 4, 2021 01:54
@Widcket Widcket changed the base branch from master to beta November 4, 2021 01:54
@Widcket Widcket added the review:small Small review label Nov 4, 2021
Widcket
Widcket commented Nov 4, 2021
View reviewed changes
Auth0Tests/CredentialsSpec.swift
@@ -39,8 +39,7 @@ class CredentialsSpec: QuickSpec {
describe("init from json") {

it("should have all tokens and token_type") {
let credentials = Credentials(json: ["access_token": AccessToken, "token_type": Bearer, "id_token": IdToken, "refresh_token": RefreshToken, "expires_in" : expiresIn, "scope": Scope, "recovery_code": RecoveryCode])
expect(credentials).toNot(beNil())
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When created from JSON, the instance of Credentials cannot be nil. That assertion is superflous.

Widcket
Widcket commented Nov 4, 2021
View reviewed changes
Auth0Tests/CredentialsSpec.swift
expect(credentials.scope).to(beNil())
expect(credentials.recoveryCode).to(beNil())
}

it("should have id_token") {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All properties (nullable and non-nullable) are tested in the two previous test cases.

Widcket
Widcket commented Nov 4, 2021
View reviewed changes
Auth0/OAuth2Grant.swift
let validatorContext = IDTokenValidatorContext(authentication: authentication,
issuer: self.issuer,
leeway: self.leeway,
maxAge: self.maxAge,
nonce: self.defaults["nonce"],
organization: self.organization)
validateFrontChannelIDToken(idToken: idToken, for: responseType, with: validatorContext) { error in
validateFrontChannelIDToken(idToken: frontChannelIdToken, for: responseType, with: validatorContext) { error in
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This method (and everything related to front-channel ID Tokens) will be removed in a future PR, as we'll only support code.

Widcket
Widcket commented Nov 4, 2021
View reviewed changes
Auth0/IDTokenValidator.swift
case cannotDecode

var errorDescription: String? {
switch self {
case .missingToken: return "ID token is required but missing"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's no point in validating the ID Token presence if there will always be an ID Token in the response.

Widcket
Widcket commented Nov 4, 2021
View reviewed changes
Auth0/CredentialsManager.swift Outdated
return jwt.expired
}
if credentials.expiresIn < Date() { return true }
if let jwt = try? decode(jwt: credentials.idToken) { return jwt.expired }
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@adamjmcgrath should we keep taking into account the ID Token expiration to determine the validity of the credentials?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep 👍 - we should only use the ID Token exp when validating the ID Token

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, I'll remove that check then

@Widcket Widcket changed the title Make some properties of the Credentials class non-optional Make some properties of the Credentials class non-optional [SDK-2900] Nov 4, 2021
@Widcket Widcket changed the title Make some properties of the Credentials class non-optional [SDK-2900] Make some Credentials properties non-optional [SDK-2900] Nov 4, 2021
@Widcket Widcket mentioned this pull request Nov 4, 2021
Merged
5 tasks
@Widcket Widcket marked this pull request as ready for review November 4, 2021 16:00
@Widcket Widcket merged commit baac55c into beta Nov 5, 2021
@Widcket Widcket mentioned this pull request Jan 17, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adamjmcgrath adamjmcgrath adamjmcgrath approved these changes

Assignees
No one assigned
Labels
review:small Small review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Widcket @adamjmcgrath