AppAuth-Android icon indicating copy to clipboard operation
AppAuth-Android copied to clipboard

Published 20 hours ago verified publisher icon openid

Disable validating idToken

Open awochniak opened this issue 2 years ago • 4 comments

Configuration

  • Version: 0.11.1
  • Integration: Kotlin

Description

Is it possibly to disable validating idToken in latest (0.11.1) version? After upgrading from 0.7.1 we receive error "Unable to parse ID Token" because we received null as idToken - is it any way to handle it without changes on our backend?

awochniak avatar Jun 22 '22 14:06 awochniak

The lib doesn't do any validation at that step, the error returned is a parsing error. https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/IdToken.java#L163 Can you provide an example of a token you believe is correct but fails parsing?

agologan avatar Jun 23 '22 08:06 agologan

As I wrote, we have idToken as null from backend - at 0.7.1 version below code wasn't occured and we don't make any changes at our backend - we need to omit this fragment (from AuthorizationService.java) Zrzut ekranu 2022-06-23 o 11 20 50

awochniak avatar Jun 23 '22 09:06 awochniak

As you can see that parsing and validation part starts with if (response.idToken != null). https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AuthorizationService.java#L697

agologan avatar Jun 24 '22 07:06 agologan

I am also htiting this issue of unable to parse the idtoken as my id token from my backend is en encrypted idtoken (jwe)

kenneth-leong-gt avatar Aug 25 '22 10:08 kenneth-leong-gt