Add WithClientCredentialsAndTokenURL option #185

Open
1 task done
medev21 opened this issue Mar 21, 2023 · 2 comments

medev21 commented Mar 21, 2023

Checklist

Describe the problem you'd like to have solved

We are trying to use the SDK for Auth0 API operations, but running into issues with the tokens.

We realized that in your code, you're using the uri to generate the token url by concatenating the domain with oauth/token. Unfortunately for us, the token url is different than our auth0 domain; not sure why this is the case.

So, the option WithClientCredentials will not work. We have tried to use the WithClient option by generating our own http.Client and passing it to that option.

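```go
import (
	"context"
	"net/http"
	"net/url"

	"golang.org/x/oauth2"
	"golang.org/x/oauth2/clientcredentials"
)

// generateClient builds an http.Client that fetches tokens from a custom token URL.
func generateClient() *http.Client {
	ctx := context.Background()

	conf := clientcredentials.Config{
		ClientID:       "client id",
		ClientSecret:   "secret",
		TokenURL:       "token url",
		EndpointParams: url.Values{},               // params go here
		AuthStyle:      oauth2.AuthStyleAutoDetect, // oauth style goes here
	}

	return conf.Client(ctx)
}
```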

We were expecting it to work, but unfortunately it did not; we came across this error:

```
oauth2: Transport's Source is nil
```

We took a look under the hood and saw that the WithClient option only updates the m.http, so the m.tokenSource remains empty; we think.

We used WithStaticToken, which works, but that's assuming the token never expires. We want to refresh the tokens.

Describe the ideal solution

Ideally, we would like another option for the tokenURL, something like this:

```go
WithClientCredentialsAndTokenURL(clientID string, clientSecret string, tokenURL string) management.Option
```

This tokenURL field would be used to set the TokenURL in this function: https://github.com/auth0/go-auth0/blob/main/internal/client/client.go#L223

```go
func OAuth2ClientCredentialsAndAudience(
	ctx context.Context,
	uri,
	clientID,
	clientSecret,
	audience string,
) oauth2.TokenSource {
	cfg := &clientcredentials.Config{
		ClientID:     clientID,
		ClientSecret: clientSecret,
		TokenURL:     uri + "/oauth/token",
		EndpointParams: url.Values{
			"audience": []string{audience},
		},
	}

	return cfg.TokenSource(ctx)
}
```

This is an idea from what we have seen from your code, but the main point is to provide an alternative to pass a token URL that's different from the Auth0 domain.

Alternatives and current workarounds

No response

Additional context

No response
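An added illustration of the behaviour requested above (not code from go-auth0 or from the issue author): a standard-library-only client-credentials token source that takes the token URL as its own parameter and re-requests the token shortly before it expires, which a static token cannot do. The type `tokenSource`, its field names, the 10-second margin and the https-only check are assumptions of this example, and it hand-rolls the grant instead of using golang.org/x/oauth2.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"sync"
	"time"
)

// tokenSource (hypothetical) posts to an explicit token URL and caches the token until near expiry.
type tokenSource struct {
	hc                                   *http.Client
	tokenURL, clientID, secret, audience string
	mu                                   sync.Mutex // guards token and expiry
	token                                string
	expiry                               time.Time
}

func (s *tokenSource) Token() (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.token != "" && time.Until(s.expiry) > 10*time.Second {
		return s.token, nil // cached token is still valid
	}
	if u, err := url.Parse(s.tokenURL); err != nil || u.Scheme != "https" {
		return "", fmt.Errorf("token URL must be https: the client secret is sent to it")
	}
	resp, err := s.hc.PostForm(s.tokenURL, url.Values{"grant_type": {"client_credentials"},
		"audience": {s.audience}, "client_id": {s.clientID}, "client_secret": {s.secret}})
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	var body struct {
		AccessToken string `json:"access_token"`
		ExpiresIn   int64  `json:"expires_in"`
	}
	if json.NewDecoder(resp.Body).Decode(&body) != nil || resp.StatusCode != 200 || body.AccessToken == "" {
		return "", fmt.Errorf("token endpoint: %s", resp.Status)
	}
	s.token, s.expiry = body.AccessToken, time.Now().Add(time.Duration(body.ExpiresIn)*time.Second)
	return s.token, nil
}

func main() { // constructed URL: plain http is refused before any request is made
	s := &tokenSource{hc: http.DefaultClient, tokenURL: "http://login.example.test/oauth/token"}
	fmt.Println(s.Token())
}
```

Because the token URL is where the client secret is sent, it deserves the same scrutiny as the secret itself: load it from trusted configuration, not from user input.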

@ewanharris
Contributor

Hey @medev21, thanks for the issue!

I'd like to try and understand why your domain and token URL are different, as within the context of this SDK I believe it should always be on the same domain (whether that is a custom domain or the default Auth0 tenant domain). What is the error you're receiving? Are you able to provide an example or some extra information about your setup?

If you're using a custom domain, calling WithClientCredentialsAndAudience with the audience value being your Management API Identifier (e.g. https://myaccount.auth0.com/api/v2/) should ensure the token is valid and can perform management actions.


medev21 commented Mar 31, 2023

Hi @ewanharris! Sorry for the slow reply.

Unfortunately, I don't have context as to why the domain and the token URL are different; that's how it was set up at my company and I don't have access to their Auth0 configuration.

The error I get when I use the WithClient option:

```
oauth2: Transport's Source is nil
```

As I mentioned above, this option only updates the m.http, so the m.tokenSource remains empty; from what I've seen from the SDK code for this option.

We have tried to use WithClientCredentialsAndAudience, but we get the same error. In the following code from internal/client:

https://github.com/auth0/go-auth0/blob/main/internal/client/client.go#L223

```go
func OAuth2ClientCredentialsAndAudience(
	ctx context.Context,
	uri,
	clientID,
	clientSecret,
	audience string,
) oauth2.TokenSource {
	cfg := &clientcredentials.Config{
		ClientID:     clientID,
		ClientSecret: clientSecret,
		TokenURL:     uri + "/oauth/token",
		EndpointParams: url.Values{
			"audience": []string{audience},
		},
	}

	return cfg.TokenSource(ctx)
}
```

The uri is the domain, so there will be a mismatch since the token url and domain are different due to our unfortunate, I dare say questionable, setup. Therefore leading to an error.
