auth0 / auth0-oidc-client-net

OIDC Client for .NET Desktop and Mobile applications
https://auth0.github.io/auth0-oidc-client-net/
Apache License 2.0

Impossible to login anymore, any recent breaking change ? #232

Closed ClementCHA closed 2 years ago

ClementCHA commented 2 years ago

Description

Any recent breaking change? Impossible to log in anymore for a week now.

Expected behaviour

Authentication success

Actual behaviour

When used for the first time, the authentication window opens successfully. If we create a new user or even try to connect with an existing username + password => the authentication window closes and it's impossible to connect. The window briefly opens, then immediately closes. Important NOTE: We can still create a new account. (screenshot 1)

Steps to reproduce the problem

1) Launch the project for the first time
2) Authentication or registration
3) Fill in the different text fields
4) Create/Login button
5) The window closes
6) Click again on "Create/Login"
7) The window opens, then immediately closes
8) Impossible to connect or to create a new user again

Language / Framework Versions

UWP project C#

Testing environment

  1. Windows 11 Pro

Screenshots


frederikprijck commented 2 years ago

Hello,

This SDK has not gotten any new release since the 26th of July, which is over 2 months. What has changed on your application since the issue started occurring? Did you upgrade our SDK? If so, from what version to which version did you migrate? Also, does the issue persist if you revert that upgrade?

If you didn't upgrade, can you let me know what version you are using? But also, it's unlikely that we are involved if you didn't upgrade our SDK and it worked before but doesn't anymore today.

Thanks.

ClementCHA commented 2 years ago

Hello, thanks for your quick answer.

I know that sounds cliché but we haven't made any change in at least 6 months to the application which implements the Auth0 client. We didn't, and our client didn't either.

We were indeed not on the latest version so we already tried to update:

Auth0.ManagementApi 7.12 => 7.17.2
Auth0.OidcClient.UWP 3.2.4 => 3.2.5

But that unfortunately doesn't fix the problem yet.

(Sorry for the issues open twice on two different place 😬)

frederikprijck commented 2 years ago

If you haven't upgraded our SDK, or even haven't made any change to your application, I can't really tell what is causing this.

I would recommend troubleshooting things on your side, such as devices, OS versions, OS settings etc, to try and identify at what point it stopped working.

ClementCHA commented 2 years ago

I tried to update the SDK on your Sample and it's not working either.

ClementCHA commented 2 years ago

Important UPDATE: I just tried to create a new blank app, install the latest SDK, follow the docs, and the problem is still there though. Either in my brand new app or in your Sample, that ain't working. Could you check on your side?

Sorry for the inconvenience and thanks!

frederikprijck commented 2 years ago

Yes I have tried this myself in a UWP app and everything works as expected. I am wondering if there is anything about your environment that can cause this?

ClementCHA commented 2 years ago

Do we need to add the Domain in the Content URIs section of the manifest?

ClementCHA commented 2 years ago

Hello again,

After searching/debugging, we managed to find why it's not working on our side:

=> When calling the API endpoint https://dev--7p8lnwb.us.auth0.com/oauth/token, if we don't pass the ClientSecret, we get an Unauthorized error.

The fact is that, even if we pass the ClientSecret like this:

    client = new Auth0Client(new Auth0ClientOptions
    {
        Domain = domain,
        ClientId = clientId,
        ClientSecret = MyClientSecret
    });

That ain't working because you're making this check (Auth0ClientBase.cs line 159):

if (!String.IsNullOrWhiteSpace(oidcClientOptions.ClientSecret))
   oidcClientOptions.ClientSecret = options.ClientSecret;

We get that you will remove the clientSecret in a future update, but for now we're unable to log in/sign in without this change:

if (!String.IsNullOrWhiteSpace(options.ClientSecret)) // check options instead of oidcClientOptions
   oidcClientOptions.ClientSecret = options.ClientSecret;

Can we discuss it? It was working perfectly 2 weeks ago and now it seems that we have to include the clientSecret. Could you consider making a workaround for this? Given that you want to remove the clientSecret soon, we're not really keen to add your SDK reference ourselves in our project, modify this today and modify it once again when you have it removed.

Maybe you have an alternative for us? Bypassing the clientSecret? Adding something somewhere?

frederikprijck commented 2 years ago

You should not need a client_secret when using our SDK. If you do, your Auth0 application might be configured incorrectly.

The code you refer to has been there for over 3 years now, so if it used to work before, the issue is not with that.

I would advise having a look into your Auth0 logs, which you can find on your Auth0 dashboard on manage.auth0.com, under Monitoring > Logs.

Also be sure the application has Token EndPoint Authentication Method set to None:

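The comment above says a desktop or mobile application should not need a client_secret. As an added example (not code from this thread or from the SDK), this sketch shows how a public client proves itself at /oauth/token with a PKCE code_verifier (RFC 7636) instead of a secret; the class name and all placeholder values are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class PkceTokenRequest // hypothetical name, not an SDK type
{
    // RFC 7636 base64url: URL-safe alphabet, no padding.
    static string Base64Url(byte[] bytes) =>
        Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // 32 random bytes give a 43-character verifier, the RFC 7636 minimum length.
    public static string NewCodeVerifier()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        return Base64Url(bytes);
    }

    // S256 challenge sent on /authorize; the verifier is only revealed at /oauth/token.
    public static string CodeChallenge(string verifier)
    {
        using (var sha = SHA256.Create())
            return Base64Url(sha.ComputeHash(Encoding.ASCII.GetBytes(verifier)));
    }

    // Form body for POST /oauth/token from a public client: no client_secret field.
    public static Dictionary<string, string> TokenRequest(
        string clientId, string code, string redirectUri, string verifier) =>
        new Dictionary<string, string>
        {
            ["grant_type"] = "authorization_code",
            ["client_id"] = clientId,
            ["code"] = code,
            ["redirect_uri"] = redirectUri,
            ["code_verifier"] = verifier,
        };

    static void Main()
    {
        var verifier = NewCodeVerifier();
        Console.WriteLine("code_challenge=" + CodeChallenge(verifier));
        // Constructed placeholder values, not taken from the thread.
        var body = TokenRequest("EXAMPLE_CLIENT_ID", "EXAMPLE_AUTH_CODE",
                                "https://example.invalid/callback", verifier);
        foreach (var kv in body)
            Console.WriteLine(kv.Key + "=" + kv.Value);
    }
}
```

A secret compiled into a distributed desktop binary can be extracted by anyone who has the binary, which is why the per-login verifier takes its place for this kind of client.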

ClementCHA commented 2 years ago

Hello again (that's the last message, I swear) !

We finally found out: the problem comes from an Action we set in the application flow, and it ain't about Auth0 (Yeah, we deserved that "I've been telling you so for two days now")

Please accept our apologies and thanks a lot for your time, your reaction time and your advice (And your calm 😬 )

Thanks again and see you around ✌️