SDK fails to parse a response when "email_verified" is not a boolean
Checklist
- [X] I have looked into the Readme and Examples, and have not found a suitable solution or answer.
- [X] I have looked into the API documentation and have not found a suitable solution or answer.
- [X] I have searched the issues and have not found a suitable solution or answer.
- [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- [X] I agree to the terms within the Auth0 Code of Conduct.
Description
We use an OIDC provider which, in turn, uses SAML, and somehow the email_verified field contains the same email as in email. Since it's not a boolean, the SDK fails to parse the response.
api.users().get(userId, new UserFilter()).executeAsync()
Would be nice to have some kind of a workaround for this case.
Reproduction
Original Stack Trace:
at com.auth0.net.BaseRequest.parseResponseBody(BaseRequest.java:90)
at com.auth0.net.BaseRequest.getResponseFuture(BaseRequest.java:176)
at java.base/java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:1150)
at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510)
at java.base/java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:2179)
at com.auth0.net.client.DefaultHttpClient$1.onResponse(DefaultHttpClient.java:100)
at okhttp3.internal.connection.RealCall$AsyncCall.run(RealCall.kt:519)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: com.fasterxml.jackson.databind.exc.InvalidFormatException: Cannot deserialize value of type `java.lang.Boolean` from String "[email protected]": only "true" or "false" recognized
at [Source: (String)"{"created_at":"2024-01-24T22:11:19.415Z","email":"[email protected]","email_verified":"[email protected]","https://saml:domain:com":{"email":"[email protected]","username":"k832","uuid":"d6a38526-6758-43c6-8a8d-d4d3ea4a0cb3"},"identities":[{"user_id":"connection-name|samlp|samlp-custom|[email protected]","provider":"oidc","connection":"connection-name","isSocial":false}],"name":"My Name","nickname":"nickname","picture":"https://s.gravatar.com/a"[truncated 501 chars]; line: 1, column: 97] (through reference chain: com.auth0.json.mgmt.users.User["email_verified"])
at com.fasterxml.jackson.databind.exc.InvalidFormatException.from(InvalidFormatException.java:67)
at com.fasterxml.jackson.databind.DeserializationContext.weirdStringException(DeserializationContext.java:2002)
at com.fasterxml.jackson.databind.DeserializationContext.handleWeirdStringValue(DeserializationContext.java:1230)
at com.fasterxml.jackson.databind.deser.std.StdDeserializer._parseBoolean(StdDeserializer.java:550)
at com.fasterxml.jackson.databind.deser.std.NumberDeserializers$BooleanDeserializer.deserialize(NumberDeserializers.java:227)
at com.fasterxml.jackson.databind.deser.std.NumberDeserializers$BooleanDeserializer.deserialize(NumberDeserializers.java:200)
at com.fasterxml.jackson.databind.deser.SettableBeanProperty.deserialize(SettableBeanProperty.java:545)
at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeWithErrorWrapping(BeanDeserializer.java:570)
at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeUsingPropertyBased(BeanDeserializer.java:477)
at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromObjectUsingNonDefault(BeanDeserializerBase.java:1409)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:352)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:185)
at com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue(DefaultDeserializationContext.java:323)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4825)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3772)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3755)
at com.auth0.net.BaseRequest.readResponseBody(BaseRequest.java:118)
at com.auth0.net.BaseRequest.parseResponseBody(BaseRequest.java:88)
at com.auth0.net.BaseRequest.getResponseFuture(BaseRequest.java:176)
at java.base/java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:1150)
at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510)
at java.base/java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:2179)
at com.auth0.net.client.DefaultHttpClient$1.onResponse(DefaultHttpClient.java:100)
at okhttp3.internal.connection.RealCall$AsyncCall.run(RealCall.kt:519)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at java.base/java.lang.Thread.run(Thread.java:1583)
Additional context
No response
auth0-java version
2.10.0
Java version
21
Hi @lanwen
Thank you for bringing this issue to our attention.
We've reviewed the details and based on our analysis, it seems unusual. According to the SDK schema, the field is defined as a Boolean. Given that the SDK is behaving as expected, the issue may not be related to the SDK itself.
Since we are unable to reproduce the issue, can you please define steps to reproduce the issue if it still persists?
@tanya732 Thank you for taking a look! With SAML, it's possible to map some fields of the SAML response into the final get user response. That happens on the enterprise level, so it's not something common. But my point is that instead of failing the entire parsing in this case, the SDK can ignore such fields, as right now I have to reimplement the entire client to call the endpoint.
Hi @lanwen,
Thank you for pointing this out; I completely understand your concerns.
However, making changes to the SDK to allow lenient parsing in this case comes with several potential risks. While it might provide a quick resolution for specific scenarios, it could introduce issues related to data integrity, discrepancies in parsed data, and the possibility of hidden errors that might go unnoticed. Ignoring fields or parsing them incorrectly could lead to incomplete or inaccurate data, which might affect the customers in unexpected ways.
I truly appreciate your feedback, and perhaps we can explore alternative approaches at a later stage.
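The trade-off discussed in this thread, as an added example (not code from auth0-java or from either commenter): a Jackson deserializer that tolerates a non-boolean email_verified without failing the whole parse, while failing closed so that a mapped string never counts as a verified email. `UserView`, `StrictBooleanOrNull` and the sample payloads are hypothetical and constructed for illustration.

```java
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import java.io.IOException;

public class StrictEmailVerifiedDemo {

    /** Accepts only JSON true/false; anything else becomes null ("unknown"). */
    static class StrictBooleanOrNull extends JsonDeserializer<Boolean> {
        @Override
        public Boolean deserialize(JsonParser p, DeserializationContext ctx) throws IOException {
            JsonToken t = p.currentToken();
            if (t == JsonToken.VALUE_TRUE) return Boolean.TRUE;
            if (t == JsonToken.VALUE_FALSE) return Boolean.FALSE;
            p.skipChildren(); // no-op for scalars; consumes a nested object/array
            return null;      // never coerce a string such as "true" or an email
        }
    }

    /** Hypothetical local view of the payload, not com.auth0.json.mgmt.users.User. */
    @JsonIgnoreProperties(ignoreUnknown = true)
    static class UserView {
        @JsonProperty("email") String email;
        @JsonProperty("email_verified")
        @JsonDeserialize(using = StrictBooleanOrNull.class)
        Boolean emailVerified;

        /** Fail closed: only an explicit JSON true counts as verified. */
        boolean isEmailVerified() { return Boolean.TRUE.equals(emailVerified); }
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        // Constructed payloads: one shaped like the report, one well-formed.
        String mapped = "{\"email\":\"user@example.com\",\"email_verified\":\"user@example.com\"}";
        String normal = "{\"email\":\"user@example.com\",\"email_verified\":true}";
        UserView a = mapper.readValue(mapped, UserView.class);
        UserView b = mapper.readValue(normal, UserView.class);
        System.out.println(a.email + " verified=" + a.isEmailVerified());
        System.out.println(b.email + " verified=" + b.isEmailVerified());
    }
}
```

Keeping the field as a nullable `Boolean` preserves the difference between "explicitly false" and "malformed", so callers can log or alert on the malformed case instead of silently trusting it.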