Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: optional scopes in refresh token #169

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

fix: optional scopes in refresh token #169

wants to merge 3 commits into from

Conversation

monsignore7
Copy link

Description

This fix proposes the introduction of a new attribute of the UserManagerSettings class that would be used during the flow of refresh token to decide whether or not to include the scopes as param in the body of the request.
This fix is needed, as I pointed out in #167, because Salesforce doesn't support scope parameter in the body request when refreshing token.

Type of Change

  • ✨ New feature (non-breaking change which adds functionality)
  • 🛠️ Bug fix (non-breaking change which fixes an issue)
  • ❌ Breaking change (fix or feature that would cause existing functionality to change)
  • 🧹 Code refactor
  • ✅ Build configuration change
  • 📝 Documentation
  • 🗑️ Chore

@codecov Codecov
Copy link

codecov bot commented Jan 25, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.

Project coverage is 21.22%. Comparing base (3227179) to head (de5fda5).
Report is 14 commits behind head on main.

Files with missing lines Patch % Lines
.../oidc_core/lib/src/managers/user_manager_base.dart 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #169      +/-   ##
==========================================
- Coverage   21.28%   21.22%   -0.06%     
==========================================
  Files          63       62       -1     
  Lines        1809     1809              
==========================================
- Hits          385      384       -1     
- Misses       1424     1425       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@ahmednfwela ahmednfwela changed the title Fix/optional scopes in refresh token fix: optional scopes in refresh token Jan 25, 2025
ahmednfwela
ahmednfwela reviewed Feb 23, 2025
View reviewed changes
Copy link
Member

@ahmednfwela ahmednfwela left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

while this solves the specific issue of removing scope from refresh token, I think we need a more general solution for modifying the requests before sending them for any other use case that pops up

@monsignore7
Copy link
Author

I think that is a little bit difficult to manage these issues in a more generic way, because every idp can manage the optional parameters of the different endpoints in different ways.
Moreover, in this specific case, refresh token api could be called in automatic by the OidcManager, so the only way the end user can manage the parameters is during the creation of the manager.

@stonymahony
Copy link

That would of course be even better, I agree with you @ahmednfwela. But that's time-consuming and takes quite a while, right?
Since the current behaviour leads to errors for some OIDC providers, I would consider this an urgent, important fix that therefore should be merged.

@otmi100 otmi100 mentioned this pull request Mar 18, 2025
Open
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ahmednfwela ahmednfwela ahmednfwela left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@monsignore7 @stonymahony @ahmednfwela