idToken not being provided if not manually added via scope property result in exception thrown #648
Comments
Hi @ryandary
The documentation does say "if" openid scope is present. Have any suggestions to make this better?
That's clear. In my case, it is being provided in auth, so my expectation is that it will be provided in refresh.
@ryandary the However what you can do is use our
Perhaps the phrase that is confusing is "if 'openid' scope was requested when the refresh_token was obtained" as this suggests some prior state that is being considered. The "was requested... when.. was obtained" implies that some state is being remembered either internally on device, in the cloud or possibly in the token itself. It is unclear to the caller (me in this case) that scope needed to be passed explicitly and that it needed to match what was passed at initial auth. The sentence that I started this thread with implies that as long as the initial auth included that scope that this function would also return the tokens.
The fact that the exception is thrown seems to suggest that the internal implementation also makes expectations that are based on state rather than on simply passed-in values.
Can you share the exception that you are referring to here?
Here is a snippet. This is caused by calling renewAuth on AuthenticationAPIClient without using the addParameter and passing the scope, and the initial auth was called by passing the scope "openid email offline_access".
Caused by: com.auth0.android.Auth0Exception: Something went wrong
The point of interest is the "idToken must not be null" portion.
@ryandary Thanks for your patient response. I can understand the confusion now and the documentation is misleading. Let me explain the cause. We usually return The This error and documentation error might have happened because we use both these methods internally and we ensure default scopes are added internally. I am looking into a possible solution without affecting backward compatibility. Will provide an update soon.
@ryandary we have added a fix to this. Thanks a lot for raising this to us :) This should be released soon.
Auth0.Android/auth0/src/main/java/com/auth0/android/authentication/AuthenticationAPIClient.kt
Line 539 in a0e5d74
The language of the documentation suggests that the scopes that are used when performing the initial auth will be applied on the renew; however, it seems that this is not always the case. We found that when calling renew without specifically adding the scope parameter, the result of the call is an exception because the payload returned by the server did not contain the idToken.
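The workaround discussed in this thread, as an added example (not code from the Auth0.Android project or from any participant): pass the login scope explicitly on renewal, and refuse to renew without `openid` when the caller depends on an ID token. The helper `renewWithLoginScope` and the constant `LOGIN_SCOPE` are hypothetical names; `renewAuth`, `addParameter` and the scope string are taken from the thread.

```kotlin
import com.auth0.android.authentication.AuthenticationAPIClient
import com.auth0.android.authentication.AuthenticationException
import com.auth0.android.callback.Callback
import com.auth0.android.result.Credentials

// Scope used for the initial authentication in the thread; reused verbatim on renewal.
const val LOGIN_SCOPE = "openid email offline_access"

// Hypothetical helper: renews tokens with an explicit scope instead of relying on
// the scope from the initial login being remembered anywhere.
fun renewWithLoginScope(
    client: AuthenticationAPIClient,
    refreshToken: String,
    scope: String = LOGIN_SCOPE,
    onRenewed: (Credentials) -> Unit,
    onError: (Throwable) -> Unit
) {
    // Fail before the network call if the scope cannot yield an ID token.
    if ("openid" !in scope.split(" ")) {
        onError(IllegalArgumentException("scope must include 'openid' to receive an idToken"))
        return
    }
    client.renewAuth(refreshToken)
        .addParameter("scope", scope) // explicit scope, matching the initial auth
        .start(object : Callback<Credentials, AuthenticationException> {
            override fun onSuccess(result: Credentials) = onRenewed(result)
            override fun onFailure(error: AuthenticationException) = onError(error)
        })
}
```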