auth0 / auth0-PHP

PHP SDK for Auth0 Authentication and Management APIs.
https://auth0.com/docs/libraries/auth0-php
MIT License

Problem encountered with the $sdk->exchanges() method between versions 8.4.0 and 8.5.0 #713

Closed roukmoute closed 1 year ago

roukmoute commented 1 year ago

SDK Version

8.5

PHP Version

PHP 8.2

Description

Dear developer,

I encountered a problem with the $sdk->exchanges() method on version 8.5.0, which did not occur on version 8.4.0. Specifically, the method $response = $this->authentication()->codeExchange($code, $redirectUri, $pkce); returns an empty string in version 8.5.0. This then causes a JsonException.

For reference, here is an example of an expected response, based on version 8.4.0:

{"access_token": "eyJhbGciOiJk...", "scope": "openid profile email", "expires_in":86400, "token_type": "Bearer"}µ

The problem is in the file "vendor/nyholm/psr7/src/Stream.php:267, Nyholm\Psr7\Stream->getContents()".

To make it easier for you to understand, here is an overview of the debugging on version 8.5.0: image

And a preview of the debugging on version 8.4.0: image

I hope this information will be useful to identify and solve this problem. Do not hesitate to ask me if you need more information or if I can help you in any way.

Thank you in advance for your attention and support.

How can we reproduce this issue?

  1. Install version 8.4.0 of the library. Observe that everything works fine.
  2. composer require mylibrary/sdk:8.5.0
➤  composer require auth0/auth0-php:8.5.0
./composer.json has been updated
Running composer update auth0/auth0-php
Loading composer repositories with package information
Info from https://repo.packagist.org: #StandWithUkraine
Updating dependencies
Lock file operations: 9 installs, 1 update, 0 removals
  - Upgrading auth0/auth0-php (8.4.0 => 8.5.0)
  - Locking composer/semver (3.3.2)
  - Locking psr-discovery/all (1.0.0)
  - Locking psr-discovery/cache-implementations (1.0.0)
  - Locking psr-discovery/container-implementations (1.0.0)
  - Locking psr-discovery/discovery (1.0.2)
  - Locking psr-discovery/event-dispatcher-implementations (1.0.0)
  - Locking psr-discovery/http-client-implementations (1.0.0)
  - Locking psr-discovery/http-factory-implementations (1.0.0)
  - Locking psr-discovery/log-implementations (1.0.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 9 installs, 1 update, 0 removals
  - Installing composer/semver (3.3.2): Extracting archive
  - Installing psr-discovery/discovery (1.0.2): Extracting archive
  - Installing psr-discovery/log-implementations (1.0.0): Extracting archive
  - Installing psr-discovery/http-factory-implementations (1.0.0): Extracting archive
  - Installing psr-discovery/http-client-implementations (1.0.0): Extracting archive
  - Installing psr-discovery/event-dispatcher-implementations (1.0.0): Extracting archive
  - Installing psr-discovery/container-implementations (1.0.0): Extracting archive
  - Installing psr-discovery/cache-implementations (1.0.0): Extracting archive
  - Installing psr-discovery/all (1.0.0)
  - Upgrading auth0/auth0-php (8.4.0 => 8.5.0): Extracting archive
Package sensio/framework-extra-bundle is abandoned, you should avoid using it. Use Symfony instead.
Package twig/extensions is abandoned, you should avoid using it. No replacement was suggested.
Generating optimized autoload files
121 packages you are using are looking for funding.
Use the `composer fund` command to find out more!

Run composer recipes at any time to see the status of your Symfony recipes.

Executing script cache:clear [OK]
Executing script assets:install public [OK]

No security vulnerability advisories found

Observe that the method $sdk->codeExchange(); now returns an empty string, causing a JsonException.

evansims commented 1 year ago

Hi @roukmoute 👋 Thanks for raising this. That's odd. I'm unable to reproduce that on my end presently. I don't believe there were any code changes to the methods or workflow involved in the code exchange step in 8.5.

It sounds like your application is failing to craft and issue the network request, which most likely means the discovery library isn't picking up whatever PSR-18 or PSR-17/7 libraries your application is using. Can you run a composer show and paste the output here for me?

roukmoute commented 1 year ago

➤  composer show
auth0/auth0-php                    8.4.0              PHP SDK for Auth0 Authentication and Management APIs.
auth0/symfony                      5.0.0              Symfony SDK for Auth0 Authentication and Management APIs.
beste/clock                        2.3.1              A collection of Clock implementations
beste/json                         1.2.1              A simple JSON helper to decode and encode JSON
brick/math                         0.11.0             Arbitrary-precision arithmetic library
clue/stream-filter                 v1.6.0             A simple and modern approach to stream filtering in PHP
doctrine/annotations               1.14.3             Docblock Annotations Parser
doctrine/deprecations              v1.0.0             A small layer on top of trigger_error(E_USER_DEPRECATED) or PSR-3 logging with options to disable all deprecations or selectively for packages.
doctrine/inflector                 2.0.6              PHP Doctrine Inflector is a small library that can perform string manipulations with regard to upper/lowercase and singular/plural forms of words.
doctrine/instantiator              2.0.0              A small, lightweight utility to instantiate objects in PHP without invoking their constructors
doctrine/lexer                     2.1.0              PHP Doctrine Lexer parser library that can be used in Top-Down, Recursive Descent Parsers.
egulias/email-validator            4.0.1              A library for validating emails against several RFCs
fig/http-message-util              1.1.5              Utility classes and constants for use with PSR-7 (psr/http-message)
firebase/php-jwt                   v6.4.0             A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.
flutterwavedev/flutterwave-v3      1.0.5              A simple SDK for integrating to Flutterwave Payment
google/auth                        v1.26.0            Google Auth Library for PHP
google/cloud-core                  v1.50.0            Google Cloud PHP shared dependency, providing functionality useful to all components.
google/cloud-firestore             v1.30.0            Cloud Firestore Client for PHP
google/cloud-pubsub                v1.41.2            Cloud PubSub Client for PHP
google/cloud-storage               v1.30.3            Cloud Storage Client for PHP
google/common-protos               v3.2.0             Google API Common Protos for PHP
google/crc32                       v0.2.0             Various CRC32 implementations
google/gax                         v1.19.1            Google API Core for PHP
google/grpc-gcp                    v0.2.1             gRPC GCP library for channel management
google/longrunning                 v0.2.6             Google LongRunning Client for PHP
google/protobuf                    v3.22.3            proto library for PHP
graham-campbell/result-type        v1.1.1             An Implementation Of The Result Type
grpc/grpc                          1.52.0             gRPC library for PHP
guzzlehttp/guzzle                  7.5.1              Guzzle is a PHP HTTP client library
guzzlehttp/promises                1.5.2              Guzzle promises library
guzzlehttp/psr7                    1.9.1              PSR-7 message implementation that also provides common utility methods
http-interop/http-factory-guzzle   1.2.0              An HTTP Factory using Guzzle PSR7
kreait/firebase-php                6.9.5              Firebase Admin SDK
kreait/firebase-tokens             3.0.3              A library to work with Firebase tokens
lcobucci/clock                     3.1.0              Yet another clock abstraction
lcobucci/jwt                       4.3.0              A simple library to work with JSON Web Token and JSON Web Signature
lorenzo/pinky                      1.0.9              A Foundation for Emails (Inky) template transpiler
masterminds/html5                  2.8.0              An HTML5 parser and serializer.
matomo/device-detector             6.1.1              The Universal Device Detection library, that parses User Agents and detects devices (desktop, tablet, mobile, tv, cars, console, etc.), clients (browsers, media players, mobile apps, feed readers, libraries, etc), ...
monolog/monolog                    3.3.1              Sends your logs to files, sockets, inboxes, databases and various web services
mtdowling/jmespath.php             2.6.1              Declaratively specify how to extract elements from a JSON document
mustangostang/spyc                 0.6.3              A simple YAML loader/dumper class for PHP
myclabs/deep-copy                  1.11.1             Create deep copies (clones) of your objects
nikic/php-parser                   v4.15.4            A PHP parser written in PHP
norkunas/onesignal-php-api         v2.10.0            OneSignal API for PHP
nyholm/psr7                        1.7.0              A fast PHP7 implementation of PSR-7
phar-io/manifest                   2.0.3              Component for reading phar.io manifest information from a PHP Archive (PHAR)
phar-io/version                    3.2.1              Library for handling version information and constraints
php-coveralls/php-coveralls        v2.5.3             PHP client library for Coveralls API
php-http/client-common             2.6.1              Common HTTP Client implementations and tools for HTTPlug
php-http/discovery                 1.17.0             Finds and installs PSR-7, PSR-17, PSR-18 and HTTPlug implementations
php-http/guzzle7-adapter           1.0.0              Guzzle 7 HTTP Adapter
php-http/httplug                   2.4.0              HTTPlug, the HTTP client abstraction for PHP
php-http/message                   1.14.0             HTTP Message related tools
php-http/message-factory           1.1.0              Factory interfaces for PSR-7 HTTP Message
php-http/mock-client               1.5.0              Mock HTTP client
php-http/multipart-stream-builder  1.2.0              A builder class that help you create a multipart stream
php-http/promise                   1.1.0              Promise used for asynchronous HTTP requests
phpdocumentor/reflection-common    2.2.0              Common reflection classes used by phpdocumentor to reflect the code structure
phpdocumentor/reflection-docblock  5.3.0              With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.
phpdocumentor/type-resolver        1.7.1              A PSR-5 based resolver of Class names, Types and Structural Element Names
phpoption/phpoption                1.9.1              Option Type for PHP
phpspec/prophecy                   v1.17.0            Highly opinionated mocking framework for PHP 5.3+
phpspec/prophecy-phpunit           v2.0.2             Integrating the Prophecy mocking library in PHPUnit test cases
phpstan/phpdoc-parser              1.20.3             PHPDoc parser with support for nullable, intersection and generic types
phpstan/phpstan                    1.10.14            PHPStan - PHP Static Analysis Tool
phpunit/php-code-coverage          9.2.26             Library that provides collection, processing, and rendering functionality for PHP code coverage information.
phpunit/php-file-iterator          3.0.6              FilterIterator implementation that filters files based on a list of suffixes.
phpunit/php-invoker                3.1.1              Invoke callables with a timeout
phpunit/php-text-template          2.0.4              Simple template engine.
phpunit/php-timer                  5.0.3              Utility class for timing
phpunit/phpcov                     8.2.1              CLI frontend for php-code-coverage
phpunit/phpunit                    9.6.7              The PHP Unit Testing framework.
psr/cache                          3.0.0              Common interface for caching libraries
psr/clock                          1.0.0              Common interface for reading the clock.
psr/container                      2.0.2              Common Container Interface (PHP FIG PSR-11)
psr/event-dispatcher               1.0.0              Standard interfaces for event handling.
psr/http-client                    1.0.2              Common interface for HTTP clients
psr/http-factory                   1.0.2              Common interfaces for PSR-7 HTTP message factories
psr/http-message                   1.1                Common interface for HTTP messages
psr/log                            2.0.0              Common interface for logging libraries
ralouphie/getallheaders            3.0.3              A polyfill for getallheaders.
ramsey/collection                  2.0.0              A PHP library for representing and manipulating collections.
ramsey/uuid                        4.7.4              A PHP library for generating and working with universally unique identifiers (UUIDs).
riverline/multipart-parser         2.1.0              One class library to parse multipart content with encoding and charset support.
rize/uri-template                  0.3.5              PHP URI Template (RFC 6570) supports both expansion & extraction
sebastian/cli-parser               1.0.1              Library for parsing CLI options
sebastian/code-unit                1.0.8              Collection of value objects that represent the PHP code units
sebastian/code-unit-reverse-lookup 2.0.3              Looks up which function or method a line of code belongs to
sebastian/comparator               4.0.8              Provides the functionality to compare PHP values for equality
sebastian/complexity               2.0.2              Library for calculating the complexity of PHP code units
sebastian/diff                     4.0.4              Diff implementation
sebastian/environment              5.1.5              Provides functionality to handle HHVM/PHP environments
sebastian/exporter                 4.0.5              Provides the functionality to export PHP variables for visualization
sebastian/global-state             5.0.5              Snapshotting of global state
sebastian/lines-of-code            1.0.3              Library for counting the lines of code in PHP source code
sebastian/object-enumerator        4.0.4              Traverses array structures and object graphs to enumerate all referenced objects
sebastian/object-reflector         2.0.4              Allows reflection of object attributes, including inherited and non-public ones
sebastian/recursion-context        4.0.5              Provides functionality to recursively process PHP variables
sebastian/resource-operations      3.0.3              Provides a list of PHP built-in functions that operate on resources
sebastian/type                     3.2.1              Collection of value objects that represent the types of the PHP type system
sebastian/version                  3.0.2              Library that helps with managing the version number of Git-hosted PHP projects
sendinblue/api-v3-sdk              v7.4.5             Official SendinBlue provided RESTFul API V3 php library
sensio/framework-extra-bundle      v6.2.10            This bundle provides a way to configure your controllers with annotations
spatie/schema-org                  3.14.0             A fluent builder Schema.org types and ld+json generator
squizlabs/php_codesniffer          3.7.2              PHP_CodeSniffer tokenizes PHP, JavaScript and CSS files and detects violations of a defined set of coding standards.
stella-maris/clock                 0.1.7              A pre-release of the proposed PSR-20 Clock-Interface
stripe/stripe-php                  dev-master ca6e69d Stripe PHP Library
symfony/apache-pack                v1.0.1             A pack for Apache support in Symfony
symfony/asset                      v6.2.7             Manages URL generation and versioning of web assets such as CSS stylesheets, JavaScript files and image files
symfony/browser-kit                v6.2.7             Simulates the behavior of a web browser, allowing you to make requests, click on links and submit forms programmatically
symfony/cache                      v6.2.8             Provides extended PSR-6, PSR-16 (and tags) implementations
symfony/cache-contracts            v3.2.1             Generic abstractions related to caching
symfony/config                     v6.2.7             Helps you find, load, combine, autofill and validate configuration values of any kind
symfony/console                    v6.2.8             Eases the creation of beautiful and testable command line interfaces
symfony/css-selector               v6.2.7             Converts CSS selectors to XPath expressions
symfony/debug-bundle               v6.2.7             Provides a tight integration of the Symfony VarDumper component and the ServerLogCommand from MonologBridge into the Symfony full-stack framework
symfony/dependency-injection       v6.2.8             Allows you to standardize and centralize the way objects are constructed in your application
symfony/deprecation-contracts      v2.5.2             A generic function and convention to trigger deprecation notices
symfony/dom-crawler                v6.2.9             Eases DOM navigation for HTML and XML documents
symfony/dotenv                     v6.2.8             Registers environment variables from a .env file
symfony/error-handler              v6.2.9             Provides tools to manage errors and ease debugging PHP code
symfony/event-dispatcher           v6.2.8             Provides tools that allow your application components to communicate with each other by dispatching events and listening to them
symfony/event-dispatcher-contracts v3.2.1             Generic abstractions related to dispatching event
symfony/expression-language        v6.2.7             Provides an engine that can compile and evaluate expressions
symfony/filesystem                 v6.2.7             Provides basic utilities for the filesystem
symfony/finder                     v6.2.7             Finds files and directories via an intuitive fluent interface
symfony/flex                       v1.19.5            Composer plugin for Symfony
symfony/form                       v6.2.8             Allows to easily create, process and reuse HTML forms
symfony/framework-bundle           v6.2.9             Provides a tight integration between Symfony components and the Symfony full-stack framework
symfony/http-client                v6.2.9             Provides powerful methods to fetch HTTP resources synchronously or asynchronously
symfony/http-client-contracts      v3.2.1             Generic abstractions related to HTTP clients
symfony/http-foundation            v6.2.8             Defines an object-oriented layer for the HTTP specification
symfony/http-kernel                v6.2.9             Provides a structured process for converting a Request into a Response
symfony/intl                       v6.2.9             Provides access to the localization data of the ICU library
symfony/mailer                     v6.2.8             Helps sending emails
symfony/maker-bundle               v1.48.0            Symfony Maker helps you create empty commands, controllers, form classes, tests and more so you can forget about writing boilerplate code.
symfony/mime                       v6.2.7             Allows manipulating MIME messages
symfony/monolog-bridge             v6.2.8             Provides integration for Monolog with various Symfony components
symfony/monolog-bundle             v3.8.0             Symfony MonologBundle
symfony/notifier                   v6.2.8             Sends notifications via one or more channels (email, SMS, ...)
symfony/options-resolver           v6.2.7             Provides an improved replacement for the array_replace PHP function
symfony/password-hasher            v6.2.7             Provides password hashing utilities
symfony/phpunit-bridge             v6.2.7             Provides utilities for PHPUnit, especially user deprecation notices management
symfony/polyfill-intl-grapheme     v1.27.0            Symfony polyfill for intl's grapheme_* functions
symfony/polyfill-intl-icu          v1.27.0            Symfony polyfill for intl's ICU-related data and classes
symfony/polyfill-intl-idn          v1.27.0            Symfony polyfill for intl's idn_to_ascii and idn_to_utf8 functions
symfony/polyfill-intl-normalizer   v1.27.0            Symfony polyfill for intl's Normalizer class and related functions
symfony/polyfill-mbstring          v1.27.0            Symfony polyfill for the Mbstring extension
symfony/polyfill-php72             v1.27.0            Symfony polyfill backporting some PHP 7.2+ features to lower PHP versions
symfony/polyfill-php80             v1.27.0            Symfony polyfill backporting some PHP 8.0+ features to lower PHP versions
symfony/polyfill-php81             v1.27.0            Symfony polyfill backporting some PHP 8.1+ features to lower PHP versions
symfony/property-access            v6.2.8             Provides functions to read and write from/to an object or array using a simple string notation
symfony/property-info              v6.2.8             Extracts information about PHP class' properties using metadata of popular sources
symfony/routing                    v6.2.8             Maps an HTTP request to a set of configuration variables
symfony/runtime                    v6.2.8             Enables decoupling PHP applications from global state
symfony/security-bundle            v6.2.8             Provides a tight integration of the Security component into the Symfony full-stack framework
symfony/security-core              v6.2.8             Symfony Security Component - Core Library
symfony/security-csrf              v6.2.7             Symfony Security Component - CSRF Library
symfony/security-http              v6.2.8             Symfony Security Component - HTTP Integration
symfony/serializer                 v6.2.8             Handles serializing and deserializing data structures, including object graphs, into array structures or other formats like XML and JSON.
symfony/service-contracts          v3.2.1             Generic abstractions related to writing services
symfony/stopwatch                  v6.2.7             Provides a way to profile code
symfony/string                     v6.2.8             Provides an object-oriented API to strings and deals with bytes, UTF-8 code points and grapheme clusters in a unified way
symfony/test-pack                  v1.1.0             A pack for functional and end-to-end testing within a Symfony app
symfony/translation                v6.2.8             Provides tools to internationalize your application
symfony/translation-contracts      v3.2.1             Generic abstractions related to translation
symfony/twig-bridge                v6.2.8             Provides integration for Twig with various Symfony components
symfony/twig-bundle                v6.2.7             Provides a tight integration of Twig into the Symfony full-stack framework
symfony/validator                  v6.2.8             Provides tools to validate values
symfony/var-dumper                 v6.2.8             Provides mechanisms for walking through any arbitrary PHP variable
symfony/var-exporter               v6.2.8             Allows exporting any serializable PHP data structure to plain PHP code
symfony/web-profiler-bundle        v6.2.7             Provides a development tool that gives detailed information about the execution of any request
symfony/webpack-encore-bundle      v1.16.1            Integration with your Symfony app & Webpack Encore!
symfony/yaml                       v6.2.7             Loads and dumps YAML files
theseer/tokenizer                  1.2.1              A small library for converting tokenized PHP source code into XML and potentially other formats
tijsverkoyen/css-to-inline-styles  2.2.6              CssToInlineStyles is a class that enables you to convert HTML-pages/files into HTML-pages/files with inline styles. This is very useful when you're sending emails.
twig/cssinliner-extra              v3.5.1             A Twig extension to allow inlining CSS
twig/extensions                    v1.5.4             Common additional features for Twig that do not directly belong in core
twig/extra-bundle                  v3.5.1             A Symfony bundle for extra Twig extensions
twig/inky-extra                    v3.5.1             A Twig extension for the inky email templating engine
twig/twig                          v2.15.4            Twig, the flexible, fast, and secure template language for PHP
vlucas/phpdotenv                   v5.5.0             Loads environment variables from `.env` to `getenv()`, `$_ENV` and `$_SERVER` automagically.
webmozart/assert                   1.11.0             Assertions to validate method input/output with nice error messages.
wesbos/burner-email-providers      dev-master 8ddb284 A list of burner email providers.
wikimedia/composer-merge-plugin    v2.1.0             Composer plugin to merge multiple composer.json files

evansims commented 1 year ago

👋 Thanks @roukmoute. A lot more to try to weed through there than I was expecting 😅

Can you please share output of the following as well:

It would be helpful to see this output after updating to 8.5, since that's the version you're having issues with.

I'm noticing your guzzlehttp/psr7 is out of date, and ^2.0 is when they added PSR-17 support, so you may just need to bump that version.

Thanks!

evansims commented 1 year ago

Going to close this for now, but please let me know if this continues to be an issue for you and we can diagnose it further here. Thanks!

ERuban commented 2 months ago

@roukmoute hey, have you found the solution for that issue? It seems I'm getting the same with the actual guzzlehttp/psr7.

roukmoute commented 2 months ago

Sorry, it's been a long time and I think at the time I couldn't do anything.

ERuban commented 2 months ago

@roukmoute it seems I have found the problem. First of all, we have found that issue only on the local/development environment. I dumped the httpClient in use, and it was Http/Mock/Client, so we get a 200 OK response with an empty body. Looking at the docs of the psr-discovery package (which is used to discover the HTTP client), I found this: https://github.com/psr-discovery#mocking-priority. So on dev environments we get the wrong HTTP client.

So, if you use Symfony (as I can see), you need to provide httpClient: new Psr18Client() to the SdkConfiguration to make it work properly.

@evansims
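
The fix ERuban describes, together with a check for the failure mode, as an added example (not code from the thread or from the SDK): the PSR-18 client is passed to SdkConfiguration explicitly instead of being left to discovery, and a guard rejects a mock client before any code exchange runs. The `env()` and `assertRealHttpClient()` helpers and the `AUTH0_*` variable names are assumptions made for this example.

```php
<?php

declare(strict_types=1);

use Auth0\SDK\Auth0;
use Auth0\SDK\Configuration\SdkConfiguration;
use Psr\Http\Client\ClientInterface;
use Symfony\Component\HttpClient\Psr18Client;

require __DIR__ . '/vendor/autoload.php';

/**
 * Hypothetical helper: read a required environment variable.
 * The variable names used below are assumptions, not SDK conventions.
 */
function env(string $name): string
{
    $value = getenv($name);
    if ($value === false || $value === '') {
        throw new RuntimeException("Missing environment variable {$name}");
    }

    return $value;
}

/**
 * Hypothetical guard: fail loudly if the HTTP client the SDK will use comes
 * from php-http/mock-client (namespace Http\Mock). A mock client answers
 * 200 OK with an empty body, which is what surfaced in this issue as an
 * empty code-exchange response followed by a JsonException.
 */
function assertRealHttpClient(?ClientInterface $client): ClientInterface
{
    if ($client === null) {
        throw new LogicException('No PSR-18 HTTP client is configured.');
    }

    if (str_starts_with($client::class, 'Http\\Mock\\')) {
        throw new LogicException(
            'Refusing to use mock HTTP client ' . $client::class . ' for Auth0 requests.'
        );
    }

    return $client;
}

// Pin the PSR-18 client so discovery's mocking priority cannot select
// a mock client that happens to be installed alongside the application.
$configuration = new SdkConfiguration(
    domain: env('AUTH0_DOMAIN'),
    clientId: env('AUTH0_CLIENT_ID'),
    clientSecret: env('AUTH0_CLIENT_SECRET'),
    cookieSecret: env('AUTH0_COOKIE_SECRET'),
    redirectUri: env('AUTH0_REDIRECT_URI'),
    httpClient: new Psr18Client(),
);

// Verify what the SDK will actually send requests through. The same call
// also catches the discovered-mock case when httpClient is not passed.
assertRealHttpClient($configuration->getHttpClient());

$sdk = new Auth0($configuration);
```

Running `composer why php-http/mock-client` shows which package pulled the mock client into the project.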