-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
credentialsManager alters access token expiry upon storing credentials #160
Comments
Hi @tom-smith-alex, thanks for raising this. I tried to reproduce it, but was unsuccessful: With iOS Credentials Manager With Android Credentials Manager
What is this for? The token expiry should not make any difference here. |
Thanks @Widcket for looking into this. Looking at that second screenshot you posted (Android), the timestamps do look different (hence error is reproducible)? |
Indeed, I missed it 🤦🏼♀️. I'll look into this, which seems to be related to the Android Credentials Manager. |
@tom-smith-alex this is now fixed in v1.0.1. Thanks again for reporting this! |
Checklist
Description
Authenticating with the API.
My local timezone is UTC + 10 (Australia/Brisbane).
Initial value of expiresAt
The Credentials returned by
auth0.api.login()
print the following value for theexpiresAt
property (which is defined as "The absolute date and time of when the access token expires"): 2022-09-07 11:04:54.000Z (or 1662548694000 ms since Epoch). This is expected and in line with the access token expiry value I set in Auth0's dashboard.Value of expiresAt after storing credentials
After invoking the Credentials Manager's
storeCredentials
method to store the above, this is the value ofexpiresAt
when retrieved by thecredentials()
method : 2022-09-07 01:04:54.000Z (or 1662512694000 ms since Epoch).Expected
expiresAt
should be identical in both scenariosActual
Credentials Manager (CM) wrongly adjusts the initial timestamp to my timezone upon storing and / or subsequently retrieving.
Consequences / side effects
expiresAt
, once stored, cannot be trusted if relied upon (to e.g. have a session timeout warning mechanism when user is inactive)credentials()
method, the wrong timestamp is interpreted and the following message is outputted: "Credentials have expired. Renewing them now..." even though the current credentials should still be valid.hasValidCredentials()
method still returnstrue
Reproduction
expiresAt
(for both what's retrieved byapi.login()
+ a subsequentcredentialsManager.credentials()
)auth0_flutter version
1.0.0
Flutter version
3.3.0
Platform
Android
Platform version(s)
31
The text was updated successfully, but these errors were encountered: