ramosbugs / openidconnect-rs

OpenID Connect Library for Rust
MIT License

Auth0 not following oidc spec (again) (but in another way) #136

Open julien-leclercq opened 11 months ago

julien-leclercq commented 11 months ago

Hello,

As stated in the title, the /userinfo endpoint returns a stringified epoch timestamp... https://auth0.com/docs/api/authentication#user-profile

If you have any idea on how I could work around this other than hand making the request. Otherwise, do not bother, the problem is definitely on their side.

ramosbugs commented 11 months ago

Wonderful... you'd think Auth0 could at least be internally consistent with how they (mis)represent timestamps.

Fortunately, Auth0 appears to be returning raw JSON UserInfo responses rather than signed JWTs, so in this case I would suggest having an HTTP client shim that rewrites the /userinfo response to adhere to the spec (i.e., converts the string to a number) before returning it to this crate. You can pass a function that implements this shim directly to request[_async].

julien-leclercq commented 11 months ago

Thanks, for now I have a dedicated reqwest client. Might update later.
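The body rewrite that the shim suggested in this thread would perform, as an added example (not code from the thread or from openidconnect-rs): a std-only Rust function that turns a stringified epoch value into a JSON number before the body is handed back to the crate. The claim name `updated_at`, the function names and the sample body are assumptions; the thread does not name the affected field, and wiring the function into the HTTP client passed to `request[_async]` is left to the caller.

```rust
// Index of the closing quote of the JSON string whose content starts at `start`.
fn string_end(b: &[u8], start: usize) -> Option<usize> {
    let mut i = start;
    while i < b.len() {
        match b[i] {
            b'\\' => i += 2, // skip the escaped character
            b'"' => return Some(i),
            _ => i += 1,
        }
    }
    None
}

/// Unquotes a digits-only string value of top-level key `claim`; other bodies pass through unchanged.
fn unquote_epoch_claim(body: &str, claim: &str) -> String {
    let b = body.as_bytes();
    let ws = |i: usize| i + b[i..].iter().take_while(|c| c.is_ascii_whitespace()).count();
    let (mut i, mut depth) = (0usize, 0usize);
    while i < b.len() {
        match b[i] {
            b'{' | b'[' => depth += 1,
            b'}' | b']' => depth = depth.saturating_sub(1),
            b'"' => {
                let end = match string_end(b, i + 1) { Some(e) => e, None => break };
                let colon = ws(end + 1);
                if depth == 1 && b.get(colon) == Some(&b':') && &body[i + 1..end] == claim {
                    let q = ws(colon + 1);
                    let close = if b.get(q) == Some(&b'"') { string_end(b, q + 1) } else { None };
                    let v = close.map_or("", |e| &body[q + 1..e]);
                    // Only digits with no leading zero can be emitted as a valid JSON number.
                    let ok = !v.is_empty() && v.bytes().all(|c| c.is_ascii_digit());
                    if ok && (v == "0" || !v.starts_with('0')) {
                        return format!("{}{}{}", &body[..q], v, &body[q + v.len() + 2..]);
                    }
                    return body.to_string(); // already numeric, or not an epoch string
                }
                i = end;
            }
            _ => {}
        }
        i += 1;
    }
    body.to_string()
}

fn main() {
    // Constructed sample body; the claim name `updated_at` is an assumption.
    let body = r#"{"sub":"auth0|abc","updated_at":"1700000000"}"#;
    println!("{}", unquote_epoch_claim(body, "updated_at"));
}
```

This only applies to raw JSON UserInfo responses, as noted above: rewriting the payload of a signed JWT response would invalidate its signature.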