MFA API Bearer token issue #556

Open
5 tasks done
santiagodoldan opened this issue Jan 3, 2024 · 2 comments
Labels
bug This points to a verified bug in the code

santiagodoldan commented Jan 3, 2024

Checklist

  • I have looked into the Readme and Examples, and have not found a suitable solution or answer.
  • I have looked into the API documentation and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Description

I found what seems to be an issue while trying to interact with the MFA API for testing purposes. To test this API I decided to monkey patch the https://github.com/auth0/ruby-auth0/blob/master/lib/auth0/api/authentication_endpoints.rb module; this was the easiest way to interact with the MFA API using existing mechanisms (if this works and is something that makes sense to include in the gem, I'd love to implement a better solution and create a PR). Continuing with the issue: because of how MFA endpoints work when a user does not have an authenticator method, I need to pass the mfa_token I get with the mfa_required error type in the Bearer header. This was not working, and after some investigation I figured out that extra headers do not work when making POST API calls: the gem does not take extra_headers into account in that case (https://github.com/auth0/ruby-auth0/blob/master/lib/auth0/mixins/httpproxy.rb#L95). I'd like to understand if that's something that makes sense to implement, and if that's the case I'm available to create a PR to cover that use case.

Here is just a snippet of the monkey patch I described above to associate a new MFA

```ruby
module Auth0
  module Api
    module AuthenticationEndpoints
      def mfa_otp_associate(client_id: @client_id, client_secret: @client_secret, mfa_token:)
        request_params = {
          client_id: client_id,
          client_secret: client_secret,
          authenticator_types: ['otp']
        }

        request_with_retry(:post, '/mfa/associate', request_params, { 'Authorization' => "Bearer #{mfa_token}" })
      end
    end
  end
end
```

If the client object already has a Bearer header it will use that one and not the one I'm passing.

Please let me know if you need more information to understand my use case with the MFA API.

Reproduction

There is no easy way to reproduce this without interacting with the MFA API.

Additional context

No response

ruby-auth0 version

5.16.0

Ruby version

ruby 3.2.2 (2023-03-30 revision e51014f9c0) [x86_64-linux]

santiagodoldan added the bug label on Jan 3, 2024
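
An added example, not part of the original issue and not code from ruby-auth0: a simplified model of the reported behaviour, where the client's default Authorization header is sent on POST instead of the per-request mfa_token, next to a merge that gives the per-request header precedence. The class and function names and the token values are hypothetical.

```ruby
# Added illustration: a simplified model, not code from ruby-auth0.
# merge_headers, BuggyClient, FixedClient and all token values are hypothetical.

# Merge per-request headers over client defaults. Names are compared
# case-insensitively so 'authorization' replaces 'Authorization' instead
# of leaving two credentials on one request.
def merge_headers(defaults, extra)
  merged = defaults.transform_keys(&:to_s)
  (extra || {}).each do |name, value|
    merged.delete_if { |existing, _| existing.casecmp?(name.to_s) }
    merged[name.to_s] = value
  end
  merged
end

# Stand-in transport: returns the headers it would send, no network access.
class BuggyClient
  def initialize(default_headers)
    @headers = default_headers
  end

  # Models the reported behaviour: extra_headers are dropped for POST.
  def request(method, _uri, _body = {}, extra_headers = {})
    method == :post ? @headers : merge_headers(@headers, extra_headers)
  end
end

class FixedClient < BuggyClient
  # Per-request headers take precedence for every HTTP method.
  def request(_method, _uri, _body = {}, extra_headers = {})
    merge_headers(@headers, extra_headers)
  end
end

# Constructed sample values.
DEFAULTS = { 'Authorization' => 'Bearer client-token',
             'Content-Type' => 'application/json' }.freeze
MFA_HEADERS = { 'authorization' => 'Bearer mfa-token' }.freeze

# Every Authorization value a client would send on POST /mfa/associate.
def authorization_sent(client_class)
  headers = client_class.new(DEFAULTS).request(:post, '/mfa/associate', {}, MFA_HEADERS)
  headers.select { |name, _| name.casecmp?('authorization') }.values
end

p authorization_sent(BuggyClient)
p authorization_sent(FixedClient)
```

A regression test for a fix can assert the same thing: exactly one Authorization value reaches the transport, and it is the one passed for that request.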
stevehobbsdev (Contributor) commented

Hey @santiagodoldan, yeah looks like an issue to me - I have low capacity right now but happy to review a PR if you want to submit one.

santiagodoldan (Author) commented

I can work on that 🚀 , I'll create a PR to fix the headers issue and then will integrate the MFA endpoints 💯
