Added support for auth0-forwarded-for header to the AuthApi.login methods#302

Closed
ScottFitz wants to merge 5 commits into auth0:master from ScottFitz:support-auth0-forwarded-for-header

Conversation

@ScottFitz

Changes

This PR adds support for the auth0-forwarded-for header to the AuthAPI.login calls.
This was added in order to avoid the common issue with anomaly detection described here: https://auth0.com/docs/authorization/avoid-common-issues-with-resource-owner-password-flow-and-anomaly-detection#send-the-user-s-ip-address-from-your-server

A new entity, CustomHeaderOptions, is added along with the following updates to the AuthAPI class to use that new entity:

  • AuthAPI.login(String emailOrUsername, char[] password, CustomHeaderOptions options) method added
  • AuthAPI.login(String emailOrUsername, char[] password, String realm, CustomHeaderOptions options) method added
  • Tests were updated, README.md was updated.

References

The auth0-forwarded-for header is required in some instances, as described here:
https://auth0.com/docs/authorization/avoid-common-issues-with-resource-owner-password-flow-and-anomaly-detection#send-the-user-s-ip-address-from-your-server

Testing

Unit tests were updated, and an example is provided in the README.

  • This change adds test coverage
  • This change has been tested on the latest version of the platform/language or why not

Checklist

@ScottFitz ScottFitz requested a review from a team October 20, 2020 00:04
@stevehobbsdev

@ScottFitz Thanks for submitting this. Could you please resolve the conflicting files? Please reach out if you need help with context for those.

@jimmyjames
Contributor

Hi @ScottFitz, thanks for the PR! I do think we may be able to do this in a different way, by leveraging the existing request classes that allow for further customizing the request (adding headers, parameters, etc.).

I think we can either change the signatures of the login APIs to return a TokenRequest, or perhaps even modify AuthRequest to extend CustomizableRequest (though this may have a breaking change effect for anyone who happens to be extending AuthRequest). I'll be looking into this this week and will provide an update here, at which point we can update this PR or create a new one to address this issue.

In the short-term, you could downcast the return value to a TokenRequest, which does support adding headers (not an ideal solution, but available if you need to address this in your codebase quickly).
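
The downcast workaround described in the comment above, as an added example that is not part of the thread or of the auth0-java project. It assumes the 1.x `AuthAPI.login(String, char[], String)` overload that this PR builds on and that `TokenRequest.addHeader` is available as the comment states; `ForwardedForLogin`, `requireIpLiteral` and `loginOnBehalfOf` are hypothetical names. The header value is taken only from an IP literal, since it feeds anomaly detection and must not be a raw, client-supplied string.

```java
import com.auth0.client.auth.AuthAPI;
import com.auth0.net.AuthRequest;
import com.auth0.net.TokenRequest;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.regex.Pattern;

public final class ForwardedForLogin {
    private static final String OCTET = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
    private static final Pattern IPV4 = Pattern.compile("(" + OCTET + "\\.){3}" + OCTET);
    private static final Pattern IPV6_CHARS = Pattern.compile("[0-9A-Fa-f:.]{2,45}");

    // Hypothetical helper: accepts only IP literals, so no hostname is ever
    // resolved and no CR/LF or other header-breaking character gets through.
    static String requireIpLiteral(String candidate) {
        if (candidate != null && IPV4.matcher(candidate).matches()) {
            return candidate;
        }
        if (candidate != null && candidate.indexOf(':') >= 0
                && IPV6_CHARS.matcher(candidate).matches()) {
            try {
                // A string containing ':' is parsed as an IPv6 literal, not looked up.
                return InetAddress.getByName(candidate).getHostAddress();
            } catch (UnknownHostException e) {
                // Not a valid IPv6 literal: rejected below.
            }
        }
        throw new IllegalArgumentException("client address is not an IP literal");
    }

    // clientIp is assumed to come from the socket's remote address or from a
    // proxy you operate, never from a header the end user can set directly.
    static AuthRequest loginOnBehalfOf(AuthAPI auth, String user, char[] password,
                                       String realm, String clientIp) {
        String ip = requireIpLiteral(clientIp);
        AuthRequest request = auth.login(user, password, realm);
        if (!(request instanceof TokenRequest)) {
            // Fail closed: sending the login without the header would attribute
            // every attempt to the server's own IP.
            throw new IllegalStateException("login() did not return a TokenRequest");
        }
        ((TokenRequest) request).addHeader("auth0-forwarded-for", ip);
        return request; // caller invokes execute()
    }
}
```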

@jimmyjames
Contributor

Superseded by #307. Thanks for kicking this off!

@jimmyjames jimmyjames closed this Oct 30, 2020
@ScottFitz ScottFitz deleted the support-auth0-forwarded-for-header branch December 17, 2020 20:33