
Auth0 not following oidc spec (again) (but in another way)

Open julien-leclercq opened this issue 2 years ago • 5 comments

Hello,

As stated in the title, the /userinfo endpoint returns a stringified epoch timestamp... https://auth0.com/docs/api/authentication#user-profile

If you have any idea on how I could work around this other than hand making the request. Otherwise, do not bother, the problem is definitely on their side.

julien-leclercq avatar Oct 31 '23 09:10 julien-leclercq

Wonderful... you'd think Auth0 could at least be internally consistent with how they (mis)represent timestamps.

Fortunately, Auth0 appears to be returning raw JSON UserInfo responses rather than signed JWTs, so in this case I would suggest having an HTTP client shim that rewrites the /userinfo response to adhere to the spec (i.e., converts the string to a number) before returning it to this crate. You can pass a function that implements this shim directly to request[_async].

ramosbugs avatar Oct 31 '23 23:10 ramosbugs
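The response-rewriting step suggested above, as an added example that is not part of the thread or of the crate's code: a std-only function meant to run on the raw /userinfo body inside the HTTP client function, before the crate parses it. It assumes the affected claim is `updated_at` (the thread does not name it) and that the body is plain JSON rather than a signed JWT; the function names are hypothetical and the wiring into request[_async] is not shown.

```rust
// Added example (std only). Assumption: the affected claim is `updated_at`.

/// Index just past the JSON string whose opening quote is at `start`.
fn string_end(b: &[u8], start: usize) -> Option<usize> {
    let mut i = start + 1;
    while i < b.len() {
        if b[i] == b'"' { return Some(i + 1); }
        i += if b[i] == b'\\' { 2 } else { 1 }; // skip an escaped character
    }
    None
}

fn skip_ws(b: &[u8], mut i: usize) -> usize {
    while i < b.len() && b[i].is_ascii_whitespace() { i += 1; }
    i
}

/// If the top-level member `claim` is a string of decimal digits, return the
/// body with that value unquoted; in every other case return it unchanged.
pub fn unquote_epoch_claim(body: &str, claim: &str) -> String {
    let b = body.as_bytes();
    let (mut i, mut depth) = (0usize, 0i32);
    while i < b.len() {
        match b[i] {
            b'{' | b'[' => { depth += 1; i += 1; }
            b'}' | b']' => { depth -= 1; i += 1; }
            b'"' => {
                let end = match string_end(b, i) { Some(e) => e, None => break };
                let is_key = depth == 1 && &body[i + 1..end - 1] == claim;
                let colon = skip_ws(b, end);
                let v = skip_ws(b, colon + 1); // where the member's value starts
                i = end;
                if !is_key || b.get(colon) != Some(&b':') || b.get(v) != Some(&b'"') { continue; }
                let vend = match string_end(b, v) { Some(e) => e, None => break };
                let d = &body[v + 1..vend - 1];
                // A JSON number cannot be empty or carry a leading zero.
                if !d.is_empty() && d.bytes().all(|c| c.is_ascii_digit())
                    && (d == "0" || !d.starts_with('0')) {
                    return format!("{}{}{}", &body[..v], d, &body[vend..]);
                }
                break; // claim present but not a clean epoch string
            }
            _ => i += 1,
        }
    }
    body.to_string()
}

fn main() {
    // Constructed sample body, not a captured Auth0 response.
    let raw = r#"{"sub":"auth0|abc","updated_at":"1698743400"}"#;
    println!("{}", unquote_epoch_claim(raw, "updated_at"));
}
```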

Thanks, for now I have a dedicated reqwest client. Might update later.

julien-leclercq avatar Nov 03 '23 09:11 julien-leclercq