AndroidX new auth0Client Adds a slash at the end of the Issuer and causes a mismatch exception #330

Open
5 tasks done
Crorpa opened this issue Jul 23, 2024 · 7 comments

Crorpa commented Jul 23, 2024

Checklist

  • I have looked into the Readme and the documentation, and have not found a suitable solution or answer.
  • I have looked into the API documentation and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Description

When doing Login Async on Xamarin (Android) using the AndroidX NuGet package, it returns an exception: Issuer (iss) claim mismatch in the ID token; expected "https://domain/", found "https://domain".

I can see this Issuer at Auth0client/base/Non_public members/_idtokenRequirements/Issuer

It seems that instantiating auth0client adds a slash at the end of Issuer, because I put the domain without that slash.

Reproduction

Follow the Auth0.OidcClient.AndroidX guide, this one for example:

https://auth0.com/docs/quickstart/native/net-android-ios/interactive

Additional context

No response

auth0-oidc-client-net version

AndroidX 4.0.0

.NET version

.NET Standard 2.1

Platform

Android

Platform version(s)

13.0

Crorpa added the bug label Jul 23, 2024
Crorpa changed the title from "AndroidX LoginAsync() Adds a slash at the end of the Issuer and causes a mismatch exception" to "AndroidX new auth0Client Adds a slash at the end of the Issuer and causes a mismatch exception" Jul 23, 2024

@AliKarimiENT

I have faced the same issue

@AliKarimiENT

My exception is as below:

```
Auth0.OidcClient.Tokens.IdTokenValidationException: Issuer (iss) claim mismatch in the ID token; expected "https://Domain/", found "https://Domain".
   at Auth0.OidcClient.Tokens.IdTokenValidator.AssertTokenClaimsMeetRequirements(IdTokenRequirements required, JwtSecurityToken token, DateTime pointInTime)
   at Auth0.OidcClient.Tokens.IdTokenValidator.AssertTokenMeetsRequirements(IdTokenRequirements required, String rawIDToken, Nullable`1 pointInTime, ISignatureVerifier signatureVerifier)
   at Auth0.OidcClient.Auth0ClientBase.LoginAsync(Object extraParameters, CancellationToken cancellationToken)
   at BobThePhysio.Mobile.Infrastructure.Services.AuthorizationService.LoginAsync() in /Users/alikarimi/Projects/BobDePhisio/src/BobThePhysio.Mobile.Infrastructure/Services/AuthorizationService.cs:line 27
```

@AliKarimiENT

@Crorpa Have you found a solution for this?

frederikprijck (Member) commented Aug 17, 2024

Can you elaborate what the issuer is?
As far as I know, with auth0, the issuer always has a trailing slash, and the issuer is expected to be https://domain/.

Are you saying your issuer with auth0 does not have a trailing slash?

If you are using another identity provider, and not auth0, please know this is designed to only work with auth0. If you use a different identity provider, you should be fine just using IdentityModel.OidcClient like we use under the hood.

Crorpa (Author) commented Aug 19, 2024

@AliKarimiENT Sorry, I couldn't find any solution. I don't use this NuGet package anymore; in the end I did this manually without any NuGet package or library.

@frederikprijck Yes, I'm using auth0, Okta authentication by code. I think that's the problem, because when I used authentication by token it worked well, but not with authentication by code.

@AliKarimiENT

@Crorpa After trying many times, I decided to stop using it because of poor support and switched to using the OidcClient NuGet package instead. It works well and I was also able to display it as a WebView, and the configuration works there too.

dimadsen commented Nov 28, 2024

> Can you elaborate what the issuer is? As far as I know, with auth0, the issuer always has a trailing slash, and the issuer is expected to be https://domain/.
>
> Are you saying your issuer with auth0 does not have a trailing slash?
>
> If you are using another identity provider, and not auth0, please know this is designed to only work with auth0. If you use a different identity provider, you should be fine just using IdentityModel.OidcClient like we use under the hood.

@frederikprijck even in the documentation there is no slash https://openid.net/specs/openid-connect-core-1_0.html#IDToken
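
A diagnostic sketch for the mismatch discussed in this thread, added here as an example and not code from auth0-oidc-client-net or from any commenter: it reads the `iss` claim from an ID token's payload and compares it exactly with the expected issuer (OpenID Connect Core requires an exact match), reporting when the only difference is a trailing slash. The class name, the `tenant.example` domain and the sample tokens are constructed; it assumes System.Text.Json is available and does not verify signatures.

```csharp
using System;
using System.Text;
using System.Text.Json;

static class IssuerCheck
{
    static byte[] Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    static string Base64UrlEncode(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Read "iss" from the payload (second segment) of a compact JWT.
    // Diagnostic only: no signature check, so never use the result for authorization.
    static string ReadIssuer(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("expected header.payload.signature");
        string json = Encoding.UTF8.GetString(Base64UrlDecode(parts[1]));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.TryGetProperty("iss", out JsonElement iss) && iss.ValueKind == JsonValueKind.String
            ? iss.GetString() : throw new FormatException("no string iss claim");
    }

    // Exact, ordinal comparison first; only then report why it failed.
    public static string Compare(string expectedIssuer, string jwt)
    {
        string iss = ReadIssuer(jwt);
        if (string.Equals(expectedIssuer, iss, StringComparison.Ordinal)) return "match";
        return expectedIssuer.TrimEnd('/') == iss.TrimEnd('/')
            ? $"trailing-slash mismatch: expected \"{expectedIssuer}\", found \"{iss}\""
            : $"different issuer: expected \"{expectedIssuer}\", found \"{iss}\"";
    }

    static string MakeToken(string iss) => // constructed sample token with a placeholder signature
        Base64UrlEncode("{\"alg\":\"RS256\"}") + "." + Base64UrlEncode("{\"iss\":\"" + iss + "\"}") + ".sig";

    static void Main()
    {
        const string expected = "https://tenant.example/"; // placeholder domain
        Console.WriteLine(Compare(expected, MakeToken("https://tenant.example/")));
        Console.WriteLine(Compare(expected, MakeToken("https://tenant.example")));
        Console.WriteLine(Compare(expected, MakeToken("https://other.example/")));
    }
}
```

Comparing the reported `iss` with the `issuer` value in the provider's discovery document shows which side of the comparison carries the unexpected form.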
