Enable claim validation by calling AuthenticationRequest#validateClaims() Issue #191

Closed
6 tasks done
philip6560 opened this issue Jan 14, 2023 · 2 comments
Labels
question Further information is requested

Comments

@philip6560

Checklist

  • The issue can be reproduced in the auth0_flutter sample app (or N/A).
  • I have looked into the README and have not found a suitable solution or answer.
  • I have looked into the API documentation and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Description

I get this message:

E/BaseAuthenticationRequest(24058): The request is made without validating claims. Enable claim validation by calling AuthenticationRequest#validateClaims().

when I use the auth0.api.login method from the SDK on Android. Although the request goes through, I am concerned, as I don't know what this means.

I have been able to trace this to this file in the Android SDK, auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt, to a comment on line 67 about the method on line 79.

Reproduction

  1. Make a call to auth0.api.login() with required parameters.
  2. Immediately after the request is initiated, check the console for this: E/BaseAuthenticationRequest(24058): The request is made without validating claims. Enable claim validation by calling AuthenticationRequest#validateClaims().

auth0_flutter version

auth0_flutter: ^1.0.2

Flutter version

Flutter version 3.3.10 on channel stable

Platform

Android

Platform version(s)

Android 13 (API 33)

@Widcket
Contributor

Widcket commented Jan 18, 2023

Hi @philip6560, thanks for raising this.

auth0_flutter wraps the Auth0.Android and Auth0.swift native SDKs. Since v2.8.0, Auth0.Android supports validating the claims of ID tokens obtained through the Authentication API client. It is an opt-in feature, which is not enabled in auth0_flutter because it's not supported in Auth0.swift yet.

You can implement the logic for validating the ID token claims yourself, and disregard the "The request is made without validating claims. Enable claim validation by calling AuthenticationRequest#validateClaims()" message: https://auth0.com/docs/secure/tokens/id-tokens/validate-id-tokens

@Widcket Widcket closed this as completed Jan 18, 2023
@Widcket Widcket added the question Further information is requested label Jan 18, 2023
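
One way to do the claim validation that Widcket's reply leaves to the application, following the OpenID Connect ID token rules for iss, aud, azp, exp, iat and nonce. This is an added example, not code from auth0_flutter or Auth0.Android: `decodePayload`, `validateIdTokenClaims` and the sample tenant and client ID values are hypothetical, and it assumes the token signature has already been verified elsewhere.

```dart
import 'dart:convert';

// Decodes the JWT payload segment; null if it is not base64url-encoded JSON.
Map<String, dynamic>? decodePayload(String idToken) {
  final parts = idToken.split('.');
  if (parts.length != 3) return null;
  try {
    final json = utf8.decode(base64Url.decode(base64Url.normalize(parts[1])));
    final decoded = jsonDecode(json);
    return decoded is Map<String, dynamic> ? decoded : null;
  } on FormatException {
    return null;
  }
}

// Returns the failed checks; an empty list means the claims passed.
// The signature must already have been verified; this does not do it.
List<String> validateIdTokenClaims(String idToken,
    {required String issuer, // hypothetical value shape: https://<domain>/
    required String clientId,
    String? expectedNonce, // only when a nonce was sent with the request
    int leewaySeconds = 60,
    DateTime? now}) {
  final claims = decodePayload(idToken);
  if (claims == null) return ['malformed token'];
  final errors = <String>[];
  final nowSec = (now ?? DateTime.now()).millisecondsSinceEpoch ~/ 1000;
  if (claims['iss'] != issuer) errors.add('iss mismatch');
  final aud = claims['aud'];
  final audiences = aud is List ? aud : [aud];
  if (!audiences.contains(clientId)) errors.add('aud lacks client ID');
  if (audiences.length > 1 && claims['azp'] != clientId) errors.add('azp mismatch');
  final exp = claims['exp'];
  if (exp is! num) {
    errors.add('exp missing');
  } else if (nowSec > exp + leewaySeconds) {
    errors.add('token expired');
  }
  if (claims['iat'] is! num) errors.add('iat missing');
  if (expectedNonce != null && claims['nonce'] != expectedNonce) errors.add('nonce mismatch');
  return errors;
}

void main() {
  // Constructed, unsigned sample token; tenant and client ID are placeholders.
  final body = {'iss': 'https://tenant.example/', 'aud': 'CLIENT_ID', 'sub': 'u1', 'iat': 1700000000, 'exp': 1700003600};
  final token = 'e30.${base64Url.encode(utf8.encode(jsonEncode(body)))}.sig';
  final at = DateTime.fromMillisecondsSinceEpoch(1700007200 * 1000, isUtc: true);
  print(validateIdTokenClaims(token, issuer: 'https://tenant.example/', clientId: 'CLIENT_ID', now: at));
}
```

The sample token's exp lies before the fixed clock passed as `now`, so the run exercises the expiry branch rather than the happy path.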
@philip6560
Author

@Widcket Thanks a lot, I'll check it out.
