Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SDK-3863] Add support for Client Assertion in authentication endpoints #434

Merged
merged 6 commits into from
Jan 26, 2023
Merged

[SDK-3863] Add support for Client Assertion in authentication endpoints #434

merged 6 commits into from
Jan 26, 2023

Conversation

stevehobbsdev
Copy link
Contributor

Changes

This PR adds support for specifying an asymmetric key for the purposes of signing a client assertion JWT to authenticate with Auth0, as an alternative to client_secret. See Private Key Jwt.

With these changes, the SDK accepts two new arguments on client creation:

  • client_assertion_signing_key: A key used for signing the client assertion JWT (the corresponding public key should be uploaded to your Auth0 tenant)
  • client_assertion_signing_alg: The signing algorithm to use (defaults to RS256 if not specified

The client_secret argument can then be omitted. If both client_secret and client_assertion_signing_key are specified, the latter takes precedence.

The key can be anything accepted by ruby-jwt.

key_string = File.read 'key.pem'
key = OpenSSL::PKey::RSA.new key_string

client = Auth0Client.new(
  domain: 'AUTH0_DOMAIN',
  client_id: 'AUTH0_CLIENT_ID',
  client_assertion_signing_key: key)

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

  • This change adds unit test coverage
  • This change adds integration test coverage
  • This change has been tested on the latest version of Ruby

Checklist

@stevehobbsdev stevehobbsdev added the review:medium Medium review label Jan 25, 2023
@stevehobbsdev stevehobbsdev marked this pull request as ready for review January 25, 2023 16:38
@stevehobbsdev stevehobbsdev requested a review from a team as a code owner January 25, 2023 16:38
@stevehobbsdev
Copy link
Contributor Author

CodeCov is failing but is also reporting no changes in the diff 🤷🏻

adamjmcgrath
adamjmcgrath previously approved these changes Jan 25, 2023
View reviewed changes
Copy link
Contributor

@adamjmcgrath adamjmcgrath left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@stevehobbsdev stevehobbsdev merged commit 77f798d into master Jan 26, 2023
@stevehobbsdev stevehobbsdev deleted the feat/private_key_jwt branch January 26, 2023 10:14
@stevehobbsdev stevehobbsdev mentioned this pull request Jan 27, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adamjmcgrath adamjmcgrath adamjmcgrath approved these changes

Assignees
No one assigned
Labels
review:medium Medium review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@stevehobbsdev @adamjmcgrath