dotnet-sdk icon indicating copy to clipboard operation
dotnet-sdk copied to clipboard

Published 20 hours ago verified publisher icon openfga

PathTemplate auth/token hardcoded in OAuth2Client ExchangeTokenAsync method

Open stefanmilivojevic91 opened this issue 2 years ago • 4 comments

Token endpoint path should be fetched from issuer's openid configuration (.well-known/openid-configuration) endpoint. AzureAD has oauth2/token for instance and OAuth2Client is unable to fetch access token using client credentials flow (FgaApiNotFoundError exception is thrown). https://github.com/openfga/dotnet-sdk/blob/main/src/OpenFga.Sdk/ApiClient/OAuth2Client.cs#L122

stefanmilivojevic91 avatar Aug 31 '23 09:08 stefanmilivojevic91

Thanks for raising the issue @stefanmilivojevic91 !

rhamzeh avatar Aug 31 '23 09:08 rhamzeh

@stefanmilivojevic91 if we allowed you to specify the token endpoint itself, will that be enough to resolve your issue?

Basically, if you set ApiTokenIssuer with a path, we will no longer append /oauth/token.

So:

ApiTokenIssuer Endpoint SDK will hit
issuer.fga.example https://issuer.fga.example/oauth/token
https://issuer.fga.example https://issuer.fga.example/oauth/token
issuer.fga.example/some_endpoint https://issuer.fga.example/some_endpoint
https://issuer.fga.example/some_endpoint https://issuer.fga.example/some_endpoint

rhamzeh avatar Sep 05 '23 15:09 rhamzeh

@rhamzeh My apologies for the delayed response, I think that will do the job, thanks :)

stefanmilivojevic91 avatar Sep 19 '23 07:09 stefanmilivojevic91

@rhamzeh Hi, maybe allow overriding of the endpoint? That should allow for more customization, because I think it does not cover the case for oauth2 endpoints. For example, the oauth2 endpoint in Azure is oauth2/v2.0/token

mdimovskihtec avatar Sep 20 '23 12:09 mdimovskihtec