Unable to retrieve Management API access token due to change in 8.4.0

[chrisnetonline]

Checklist

• [X] The issue can be reproduced in a a sample app (either webapp or api) (or N/A).
• [X] I have looked into the README and have not found a suitable solution or answer.
• [X] I have looked into the examples and have not found a suitable solution or answer.
• [X] I have looked into the API documentation and have not found a suitable solution or answer.
• [X] I have searched the issues and have not found a suitable solution or answer.
• [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• [X] I agree to the terms within the Auth0 Code of Conduct.

SDK Version

8.3

PHP Version

PHP 8.1

Description

This is a regression in the new 8.4 SDK.

The new addClientAuthentication method introduced in feat(Authentication): Add support for Client Assertion #699 is overwriting the Management API client_id and client_secret with the Authentication client_id and client_secret set in the following sample code:

    protected function obtainManagementToken(Auth0Interface $client): void
    {
        $response = $client->authentication()->clientCredentials([
            'audience' => 'https://' . $this->config['domain'] . '/api/v2/',
            'client_id' => $this->config['management']['client_id'],
            'client_secret' => $this->config['management']['client_secret'],
        ]);

        if ($response->getStatusCode() >= 300) {
            Log::error('Auth0AuthorizationService@obtainManagementToken: Unexpected response', [
                'responseBody' => $response->getBody()->getContents(),
                'responseCode' => $response->getStatusCode(),
            ]);

            throw new RequestException(
                message: 'Unexpected status code: ' . $response->getReasonPhrase(),
                code: $response->getStatusCode(),
            );
        }

        $responseData = json_decode($response->getBody());

        $client->configuration()->setManagementToken($responseData?->access_token);
    }

    protected function getClient(): Auth0Interface
    {
        return new Auth0([
            'domain' => $this->config['domain'],
            'clientId' => $this->config['client_id'],
            'clientSecret' => $this->config['client_secret'],
            'cookieSecret' => $this->config['cookie_secret'],
            'cookieDomain' => $this->config['cookie_domain'],
        ]);
    }

This works fine in 8.3.8 and is broken in 8.4.0.

How can we reproduce this issue?

See notes above.

[evansims]

Hey @chrisnetonline 👋 Thanks very much for bringing this to my attention! I'll get a fix prepared.

[chrisnetonline]

Any update on this? Can I help in any way?

[evansims]

Hi @chrisnetonline 👋 Thanks for being patient, the team has been at an offsite this past week. We've prepared a fix that will ship with 8.5.0 this week.