Skip to content

Adding Auth0.AuthenticationApi package dependency #148

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Adding Auth0.AuthenticationApi package dependency #148

wants to merge 8 commits into from
+529 −0

Conversation

kailash-b
Copy link
Contributor

@kailash-b kailash-b commented May 20, 2025
edited by jira bot
Loading

Description

  • Adds Auth0.AuthenticationApi package as a direct dependency.
  • Developers can now use the features of Auth0.AuthenticationApi without adding/managing a separate reference.
  • Examples are updated to show how to register the dependency and use the AuthenticationApiClient.
  • Added a new Auth0CibaService that the developers can register as dependency. It simplifies the CIBA flows and provides a default polling mechanism that the users can opt for. It also provides flexibility for the users to have their own polling mechanism.
  • Examples are updated to show how to register the dependency and use the Auth0CibaService.

Internal References

Testing

  • Tested the changes on the sample application as well.
  • This change adds test coverage for new/changed/fixed functionality

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not main

@kailash-b kailash-b requested a review from a team as a code owner May 20, 2025 11:15
nandan-bhat
nandan-bhat previously approved these changes May 21, 2025
View reviewed changes
andychiare
andychiare reviewed May 29, 2025
View reviewed changes
...Auth0.AspNetCore.Authentication/ClientInitiatedBackChannelAuthentication/Auth0CibaService.cs Outdated
Comment on lines 77 to 117
while (true)
{
_logger.LogDebug($"Polling CIBA token endpoint for auth_req_id: {initDetails.AuthRequestId} ");
try
{
var response = await _authenticationApiClient.GetTokenAsync(request);

return new CibaCompletionDetails
{
AccessToken = response.AccessToken,
IdToken = response.IdToken,
TokenType = response.TokenType,
Scope = response.Scope,
ExpiresIn = response.ExpiresIn,
RefreshToken = response.RefreshToken,
IsSuccessful = true,
IsAuthenticationPending = false,
};
}
catch (ErrorApiException ex)
{
_logger.LogWarning(
ex,
$"CIBA polling error for auth_req_id: {initDetails.AuthRequestId}." +
$" Error: {ex.ApiError.Error}, Description: {ex.ApiError.Message}");

if (ex.ApiError.Error.Contains("authorization_pending", StringComparison.OrdinalIgnoreCase))
{
await Task.Delay(TimeSpan.FromSeconds(initDetails.Interval ?? 5));
continue;
}

return new CibaCompletionDetails
{
IsAuthenticationPending = false,
Error = ex.ApiError.Error,
ErrorMessage = ex.ApiError.Message,
IsSuccessful = false
};
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Naive question: 🙂 Is this safe?
I'm always scared by while (true) 🙂 It doesn't explicitly communicate the termination criteria.
I suggest something like the following, but feel free to ignore my comment:

Suggested change
while (true)
{
_logger.LogDebug($"Polling CIBA token endpoint for auth_req_id: {initDetails.AuthRequestId} ");
try
{
var response = await _authenticationApiClient.GetTokenAsync(request);
return new CibaCompletionDetails
{
AccessToken = response.AccessToken,
IdToken = response.IdToken,
TokenType = response.TokenType,
Scope = response.Scope,
ExpiresIn = response.ExpiresIn,
RefreshToken = response.RefreshToken,
IsSuccessful = true,
IsAuthenticationPending = false,
};
}
catch (ErrorApiException ex)
{
_logger.LogWarning(
ex,
$"CIBA polling error for auth_req_id: {initDetails.AuthRequestId}." +
$" Error: {ex.ApiError.Error}, Description: {ex.ApiError.Message}");
if (ex.ApiError.Error.Contains("authorization_pending", StringComparison.OrdinalIgnoreCase))
{
await Task.Delay(TimeSpan.FromSeconds(initDetails.Interval ?? 5));
continue;
}
return new CibaCompletionDetails
{
IsAuthenticationPending = false,
Error = ex.ApiError.Error,
ErrorMessage = ex.ApiError.Message,
IsSuccessful = false
};
}
}
var cibaCompletionDetails = new CibaCompletionDetails
{
IsSuccessful = false,
IsAuthenticationPending = true,
};
while (!cibaCompletionDetails.IsSuccessful && cibaCompletionDetails.IsAuthenticationPending)
{
_logger.LogDebug($"Polling CIBA token endpoint for auth_req_id: {initDetails.AuthRequestId} ");
try
{
var response = await _authenticationApiClient.GetTokenAsync(request);
cibaCompletionDetails.AccessToken = response.AccessToken;
cibaCompletionDetails.IdToken = response.IdToken;
cibaCompletionDetails.TokenType = response.TokenType;
cibaCompletionDetails.Scope = response.Scope;
cibaCompletionDetails.ExpiresIn = response.ExpiresIn;
cibaCompletionDetails.RefreshToken = response.RefreshToken;
cibaCompletionDetails.IsSuccessful = true;
cibaCompletionDetails.IsAuthenticationPending = false;
}
catch (ErrorApiException ex)
{
_logger.LogWarning(
ex,
$"CIBA polling error for auth_req_id: {initDetails.AuthRequestId}." +
$" Error: {ex.ApiError.Error}, Description: {ex.ApiError.Message}");
if (ex.ApiError.Error.Contains("authorization_pending", StringComparison.OrdinalIgnoreCase))
{
await Task.Delay(TimeSpan.FromSeconds(initDetails.Interval ?? 5));
continue;
}
cibaCompletionDetails.IsAuthenticationPending = false;
cibaCompletionDetails.Error = ex.ApiError.Error;
cibaCompletionDetails.ErrorMessage = ex.ApiError.Message;
cibaCompletionDetails.IsSuccessful = false;
}
}
return cibaCompletionDetails;

andychiare
andychiare reviewed Jun 13, 2025
View reviewed changes
EXAMPLES.md
@@ -444,3 +444,97 @@ public class LogoutModel : PageModel
}
}
```

# Accessing Auth0.AuthenticationApi features
`Auth0.AuthenticationApi` package is our standalone Authentication package that supports a wide range of
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
`Auth0.AuthenticationApi` package is our standalone Authentication package that supports a wide range of
`Auth0.AuthenticationApi` package is our standalone Authentication package that supports a wide range of

andychiare
andychiare reviewed Jun 13, 2025
View reviewed changes
Copy link
Contributor

@andychiare andychiare left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added some suggestions to improve the presentation of the new supported features.
In particular, a reference to the two new sections in the table of contents of the EXAMPLES.md file is missing

EXAMPLES.md Outdated

# Accessing Auth0.AuthenticationApi features
`Auth0.AuthenticationApi` package is our standalone Authentication package that supports a wide range of
options for Authentication. We can access these features like below :
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to give some context of what you are showing below.

Suggested change
options for Authentication. We can access these features like below :
options for Authentication. For example, you can use it to implement the [client credentials flow](https://auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow), as shown below :

EXAMPLES.md Outdated
@@ -444,3 +444,97 @@ public class LogoutModel : PageModel
}
}
```

# Accessing Auth0.AuthenticationApi features
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a reference to this section in the table of contents at the top of this doc.

EXAMPLES.md Outdated
}
```

# Accessing specific features like CIBA
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a reference to this section in the table of contents at the top of this doc.
I would just say:

Suggested change
# Accessing specific features like CIBA
# Using CIBA

EXAMPLES.md Outdated
/// Program.cs / Startup.cs
builder.Services.AddAuth0WebAppAuthentication(options =>
{
options.Domain = "domain";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't this required too? 🤔

EXAMPLES.md Outdated
LoginHint = new LoginHint()
{
Format = "iss_sub",
Issuer = "https://dx-sdks-testing.us.auth0.com/",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to leave this URL here or indicate as follows:

Suggested change
Issuer = "https://dx-sdks-testing.us.auth0.com/",
Issuer = https://domain", //replace "domain" with your Auth0 domain

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andychiare andychiare andychiare left review comments

@nandan-bhat nandan-bhat nandan-bhat left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kailash-b @andychiare @nandan-bhat