cross_origin_authentication properties is not included in response

[itsmeyaw]

Checklist

• [X] I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
• [X] I have looked into the API documentation and have not found a suitable solution or answer.
• [X] I have searched the issues and have not found a suitable solution or answer.
• [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• [X] I agree to the terms within the Auth0 Code of Conduct.

Description

The Auth0 Management API now uses the cross_origin_authentication instead of cross_origin_auth inside the Client object to specify whether the client can perform CORS authentication.

However, the current version of the API library does not include this when performing a GET query on a single application.

Reproduction

The issue can be reproduced consistently with the following steps:

1. Initialize the Auth0 Management API client using library
   • No scopes are passed into the parameter
2. Call the Client endpoint by using getClient method with client_id in the parameter, print the result returned from the method.

Additional context

No response

node-auth0 version

3.6.0

Node.js version

18

[frederikprijck]

Thanks for reporting. It looks like it isn't returned by the Rest API when it hasn't been specified explicitly, can you confirm that as well?

There isn't much we can do from the SDK side tho, if the field isn't returned by the API we can't make it appear through using this SDK.

I reached out to the corresponding team internally to get more information about this behavior and whether or not it's expected.

[itsmeyaw]

Thank you for the reply! As I tried again, the GET client API (https://{{endpoint}}/api/v2/clients/{{client_id}}) returned both the value of cross_origin_auth (which always return false) and cross_origin_authentication (which holds the correct value) regardless the field is specified or not.

[frederikprijck]

Do I understand correctly that it's now returned when using the SDK?

[itsmeyaw]

Sorry for being unclear, I meant when I tried directly using the REST Api, it returns the correct object (but contains both cross_origin_auth and cross_origin_authentication properties). However, the SDK does not include the new cross_origin_authentication property.

[frederikprijck]

Can you verify you use the exact same client id (and whatever you are using to call the API directly) to retrieve it, as our SDK should just pass through anything the API returns?

[itsmeyaw]

I used different value, the results are the same when the client id are the same. I also just realized that the value cross_origin_authentication shows up when you change the value in the management API at least once. Is this the intended behavior of the API?

[frederikprijck]

As mentioned, I reached out to the API team internally, but the SDK is working correctly. I can't speak for whether or not this is desired behavior.

Closing as our SDK does not control how the API behaves, but will follow up internally.

[itsmeyaw]

Thank you and I am looking forward to the follow up!

[frederikprijck]

This appears to be as designed. We can ignore the cross_origin_auth and only focus on cross_origin_authentication. When no cross_origin_authentication is returned, it's the same as false.