MFA API Bearer token issue

santiagodoldan commented 10 months ago

Checklist

[X] I have looked into the Readme and Examples, and have not found a suitable solution or answer.
[X] I have looked into the API documentation and have not found a suitable solution or answer.
[X] I have searched the issues and have not found a suitable solution or answer.
[X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
[X] I agree to the terms within the Auth0 Code of Conduct.

Description

I found what it seems an issue while trying to interact with the MFA API for testing purposes, to test this API I decided to monkey patch the https://github.com/auth0/ruby-auth0/blob/master/lib/auth0/api/authentication_endpoints.rb module, this was the easiest way to interact with the MFA API using existing mechanisms (If this works and is something that makes sense including in the gem I'd love to implement a better solution and create a PR), continuing with the issue and because of how MFA endpoints work when a user does not have an authenticator method, I need to pass the mfa_token I get with the mfa_required error type in the Bearer header, this was not working and after some investigation I figured out that extra headers when making POST API calls do not work, the gem does not take extra_headers into account in that case https://github.com/auth0/ruby-auth0/blob/master/lib/auth0/mixins/httpproxy.rb#L95, I'd like to understand if that's something that makes sense implementing and if that's the case I'm available to create a PR to cover that use case.

Here just a snippet of the monkey patch I described above to associate a new MFA

module Auth0
  module Api
    module AuthenticationEndpoints
      def mfa_otp_associate(client_id: @client_id, client_secret: @client_secret, mfa_token:)
        request_params = {
          client_id: client_id,
          client_secret: client_secret,
          authenticator_types: ['otp']
        }

        request_with_retry(:post, '/mfa/associate', request_params, { 'Authorization' => "Bearer #{mfa_token}" })
      end
    end
  end
end

If the client object already has a Bearer header it will use that one and not the one I'm passing.

Please let me know if you need more information to understand my use case with the MFA API.

Reproduction

There is no easy way to reproduce this without interacting with the MFA API.

Additional context

No response

ruby-auth0 version

5.16.0

Ruby version

ruby 3.2.2 (2023-03-30 revision e51014f9c0) [x86_64-linux]

stevehobbsdev commented 9 months ago

Hey @santiagodoldan, yeah looks like an issue to me - I have low capacity right now but happy to review a PR if you want to submit one.

santiagodoldan commented 9 months ago

I can work on that 🚀 , I'll create a PR to fix the headers issue and then will integrate the MFA endpoints 💯

auth0 / ruby-auth0