Closed ramonschriks closed 8 months ago
Attention: 1 lines
in your changes are missing coverage. Please review.
Comparison is base (
14b405e
) 100.00% compared to head (d95cd7d
) 99.97%. Report is 1 commits behind head on main.
Files | Patch % | Lines |
---|---|---|
src/Token.php | 85.71% | 1 Missing :warning: |
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Hey @evansims,
Thanks for approving! Not hurry things up or something, but more out of curiosity, how long would it normally take for this to be included within the next release? And also for the auth0/wordpress plugin, which depends on this?
Thanks in advance!
Hey, @ramonschriks 👋 Happy New Year! Sorry for the delay. Usually, we'd cut a release immediately, but we've been on a code freeze this past week with the holidays. That'll be lifted at the end of this week, so I'll get a release cut after that.
Hey again, @ramonschriks just wanted to let you know this has shipped in 8.11. Thanks for your contribution, and sorry for the delay!
@evansims Thanks! However, i made a mistake and perhaps a unit test is still needed to be added to ensure correct functionality. https://github.com/auth0/auth0-PHP/pull/755
When a token is issued, the token issuer is validated against the (tenant)domain within the configuration. However, when a custom domain is provided within the SDK configuration, the issuer is validated against that custom domain.
This fix will, in case of custom domain set in SDK configuration, validates the custom domain at first against the issuer within the token (same as previous behaviour). However in case of failure fallback to the tenant domain set in the SDK Configuration.
Use case:
All auth0 requests (e.g. token and validation) are sent to custom domain. In certain situations, the custom domain acts as a proxy that actually does some extended validation on the client request and redirects the requests to the actual tenant domain. Therefor, the tenant domain is the origin issuer of the token, while the requests are proxied through the custom domain.
Changes
References
Testing
Contributor Checklist