auth0 / auth0-PHP

PHP SDK for Auth0 Authentication and Management APIs.
https://auth0.com/docs/libraries/auth0-php
MIT License

email_passwordless_start not setting client_secret #431

Closed ndriscoll closed 4 years ago

ndriscoll commented 4 years ago

Please do not report security vulnerabilities here. The Responsible Disclosure Program details the procedure for disclosing security issues.

Thank you in advance for helping us to improve this library! Please read through the template below and answer all relevant questions. Your additional work here is greatly appreciated and will help us respond as quickly as possible. For general support or usage questions, use the Auth0 Community or Auth0 Support. Finally, to avoid duplicates, please search existing Issues before submitting one here.

By submitting an Issue to this repository, you agree to the terms within the Auth0 Code of Conduct.

Description

Using Auth0\SDK\API\Authentication::email_passwordless_start to initiate passwordless authentication, I get a 403 with response body {"error":"unauthorized_client","error_description":"Client authentication is required"}. I've included my client_secret when constructing the Auth0\SDK\API\Authentication.

Reproduction

Detail the steps taken to reproduce this error, what was expected, and whether this issue can be reproduced consistently or if it is intermittent.

Where applicable, please include:

  • Code sample to reproduce the issue
  • Log files (redact/remove sensitive information)
  • Application settings (redact/remove sensitive information)
  • Screenshots

Can be reproduced with:

(new Authentication(config('laravel-auth0.domain'), config('laravel-auth0.client_id'), config('laravel-auth0.client_secret')))->email_passwordless_start($email, 'link');

Current library code is not setting the client_secret right here: https://github.com/auth0/auth0-PHP/blob/master/src/API/Authentication.php#L267

Environment

Please provide the following:

ndriscoll commented 4 years ago

Oh, looks like #430 already addresses this.

github-actions[bot] commented 2 years ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
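The request described in the issue, as an added example that is not code from the issue or from auth0-PHP: it builds the body for `POST /passwordless/start`, includes `client_secret` when one is configured, redacts it for logs, and recognises the 403 response quoted above. The function names and the placeholder credentials are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not part of auth0-PHP.

/** Body for POST https://{domain}/passwordless/start with an email connection. */
function buildPasswordlessStartBody(string $clientId, ?string $clientSecret, string $email, string $send = 'link'): array
{
    if (!in_array($send, ['link', 'code'], true)) {
        throw new InvalidArgumentException("send must be 'link' or 'code'");
    }
    $body = ['client_id' => $clientId, 'connection' => 'email', 'email' => $email, 'send' => $send];
    // Omitting this field is what the issue reports.
    if ($clientSecret !== null && $clientSecret !== '') {
        $body['client_secret'] = $clientSecret;
    }
    return $body;
}

/** Copy of the body that is safe to attach to a bug report or log line. */
function redactForLog(array $body): array
{
    if (isset($body['client_secret'])) {
        $body['client_secret'] = '[REDACTED]';
    }
    return $body;
}

/** True when a response matches the failure quoted in the issue. */
function isMissingClientAuth(int $status, string $responseBody): bool
{
    $json = json_decode($responseBody, true);
    return $status === 403 && is_array($json) && ($json['error'] ?? null) === 'unauthorized_client';
}

// Constructed sample values, not real credentials.
$withSecret    = buildPasswordlessStartBody('CLIENT_ID_PLACEHOLDER', 'CLIENT_SECRET_PLACEHOLDER', 'user@example.com');
$withoutSecret = buildPasswordlessStartBody('CLIENT_ID_PLACEHOLDER', null, 'user@example.com');

echo json_encode(redactForLog($withSecret)), PHP_EOL;
echo 'client_secret sent without secret configured: ', var_export(isset($withoutSecret['client_secret']), true), PHP_EOL;

// Response body as quoted in the issue.
$reported = '{"error":"unauthorized_client","error_description":"Client authentication is required"}';
echo 'matches reported failure: ', var_export(isMissingClientAuth(403, $reported), true), PHP_EOL;
```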