Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only decode the payload before user profile fetch in login manager #283

Closed
glena opened this issue Feb 2, 2017 · 1 comment
Closed

Only decode the payload before user profile fetch in login manager #283

glena opened this issue Feb 2, 2017 · 1 comment
Milestone
3.6.0

Comments

@glena
Copy link
Contributor

glena commented Feb 2, 2017

There is no need to verify the token at this point (since it comes from auth0 server using code response type).

https://github.com/auth0/wp-auth0/blob/master/lib/WP_Auth0_LoginManager.php#L246

Decoding only the payload to get the user_id (sub) should be enough (in particular because if the token is not valid, the auth0 api will answer with a 401).

This way we avoid issues if the customer uses RS256 as signing method.
@joshcanhelp joshcanhelp added this to the v3-Next milestone Apr 23, 2018
@joshcanhelp
Copy link
Contributor

Fixed in #409 and merged into dev

@joshcanhelp joshcanhelp mentioned this issue Jun 5, 2018
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 19, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.6.0
Development

No branches or pull requests
2 participants
@joshcanhelp @glena