Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add credentials() and hasValidCredentials() [SDK-3997] #207

Merged
merged 1 commit into from
Feb 27, 2023
Merged

Add credentials() and hasValidCredentials() [SDK-3997] #207

merged 1 commit into from
Feb 27, 2023

Conversation

Widcket
Copy link
Contributor

@Widcket Widcket commented Feb 27, 2023

  • All new/changed/fixed functionality is covered by tests (or N/A)
  • I have added documentation for all new/changed functionality (or N/A)

📋 Changes

This PR adds support for fetching the credentials, and for checking if there are any valid credentials stored. The following public methods were added:

  • credentials() -> calls getTokenSilently() from the SPA SDK.
  • hasValidCredentials() -> calls isAuthenticated() from the SPA SDK.

🎯 Testing

The changes were tested manually. Unit tests will be added in a future PR.

Screen.Recording.2023-02-26.at.22.21.21.mov

@Widcket Widcket requested a review from a team as a code owner February 27, 2023 01:37
@Widcket Widcket added the review:medium Medium review label Feb 27, 2023
@Widcket Widcket added review:large Large review and removed review:medium Medium review labels Feb 27, 2023
Widcket
Widcket commented Feb 27, 2023
View reviewed changes
auth0_flutter/lib/src/web/jwt_decode_exception.dart
const JWTDecodeException.invalidPartCount(final String jwt, final int parts)
: this(JWTDecodeException._invalidPartCount,
'The JWT $jwt has $parts parts when it should have 3 parts.');
}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are the same messages and error cases as the ones in JWTDecode.swift: https://github.com/auth0/JWTDecode.swift/blob/master/JWTDecode/JWTDecodeError.swift

stevehobbsdev
stevehobbsdev reviewed Feb 27, 2023
View reviewed changes
auth0_flutter/lib/src/web/credentials_extension.dart
accessToken: webCredentials.access_token,
expiresAt: expiresAt,
user: user,
tokenType: 'Bearer');
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe we get tokenType from the getTokenSilently detailed response - should we use that, or hard code it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not part of TokenEndpointResponse: https://github.com/auth0/auth0-spa-js/blob/master/src/global.ts#L500

auth0_flutter/lib/src/web/jwt_decode.dart
Comment on lines +6 to +27
static Map<String, dynamic> decode(final String jwt) {
final parts = jwt.split('.');

if (parts.length != 3) {
throw JWTDecodeException.invalidPartCount(jwt, parts.length);
}

final String stringPayload;

try {
final decodedPayload = base64.decode(base64.normalize(parts[1]));
stringPayload = utf8.decode(decodedPayload);
} catch (error) {
throw JWTDecodeException.invalidBase64URL(parts[1]);
}

try {
return jsonDecode(stringPayload) as Map<String, dynamic>;
} catch (error) {
throw JWTDecodeException.invalidJSON(parts[1]);
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can already get the decoded token from the SDK using getIdTokenClaims - do we need to decode it manually here?

https://auth0.github.io/auth0-spa-js/classes/Auth0Client.html#getIdTokenClaims

Copy link
Contributor Author

@Widcket Widcket Feb 27, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure we can represent custom claims (https://github.com/auth0/auth0-spa-js/blob/master/src/global.ts#L578) without decoding to a Map<String, dynamic>, hence the custom decoding.

@Widcket Widcket merged commit 05b3d88 into beta Feb 27, 2023
@Widcket Widcket deleted the feature/credentials branch February 27, 2023 14:20
This was referenced Apr 14, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevehobbsdev stevehobbsdev stevehobbsdev approved these changes

Assignees
No one assigned
Labels
check title review:large Large review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Widcket @stevehobbsdev