dorinclisu / fastapi-auth0

FastAPI authentication and authorization using auth0.com
MIT License
230 stars 37 forks

Update wrong audience test #28

Closed evoludigit closed 1 year ago

evoludigit commented 1 year ago

Hello,

I could not make the test_token() pass for wrong audience. The proposed change makes it pass, as of today, January the 4th 2023.

dorinclisu commented 1 year ago

I cannot accept this PR as is because it negatively impacts the test coverage - more precisely the ability of the api to reject tokens with wrong audience. You have removed that part of the test and replaced it with testing the auth0 backend itself.

My guess is that you have a misconfiguration in your auth0 dashboard. The tests have passed 1 month ago in GitHub Actions so it's highly unlikely that auth0 made breaking changes during this period.

Where exactly is the test failing in your replication setup? Is it here? https://github.com/dorinclisu/fastapi-auth0/blob/0a361065c922328be988262f21068afc88487f6b/tests/test_auth.py#L256

If the answer is yes, then you probably did not create a second API in auth0 to use as auth0_api_audience_wrong. For example, I use auth0_api_audience=fastapi1 and auth0_api_audience_wrong=fastapi2 while both fastapi1 and fastapi2 exist as APIs in auth0.

evoludigit commented 1 year ago

Yes indeed, you are right, I missed the creation of the second API in Auth0 - thank you very much for the explanations and this great library! 🙂
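
The property the wrong-audience test in this thread protects, as an added example that is not part of the thread or of fastapi-auth0: a token that is validly signed but issued for a different API (fastapi2) must be rejected by an API expecting fastapi1. It uses stdlib HS256 tokens in place of tokens issued by Auth0 so it runs offline; `KEY`, `issue`, `verify` and `rejection_reason` are hypothetical names.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-secret"  # constructed; stands in for the issuer's signing key

class TokenRejected(Exception):
    """Raised by verify() with the reason the token was refused."""

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(audience, key=KEY, ttl=300):
    # Issuer side: mint a signed token for one registered API (audience).
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": "user|1", "aud": audience, "exp": int(time.time()) + ttl}
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def verify(token, expected_audience, key=KEY):
    # Resource-server side: signature first, then expiry, then audience.
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header, claims = json.loads(_unb64(header_b64)), json.loads(_unb64(body_b64))
        sig = _unb64(sig_b64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and claims must be JSON objects")
    except ValueError as exc:
        raise TokenRejected("malformed token") from exc
    if header.get("alg") != "HS256":  # pin the algorithm, never trust the header
        raise TokenRejected("unexpected algorithm")
    good = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, good):
        raise TokenRejected("bad signature")
    if claims.get("exp", 0) <= time.time():
        raise TokenRejected("expired")
    aud = claims.get("aud")  # "aud" may be a single string or a list of strings
    if expected_audience not in (aud if isinstance(aud, list) else [aud]):
        raise TokenRejected("wrong audience")
    return claims

def rejection_reason(token, expected_audience):
    # None when the token is accepted, otherwise the reason it was refused.
    try:
        verify(token, expected_audience)
    except TokenRejected as exc:
        return str(exc)
    return None
```

The fastapi2 token here passes the signature and expiry checks and fails only on `aud`, which is why the test needs a second real API at the issuer rather than a malformed or unsigned token.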