Comments (9)
Hi @ellneal, thanks for raising this.
The code credentials grant is already supported through dedicated methods for logging in with username/password (e.g. this one). Do these methods address your use case? If not, could you please provide more information about your use case?
from auth0.swift.
I'm using the `client_credentials` grant (with an `audience` and a `client_secret`). I can't find any explicit method that supports this unless I'm mistaken?
from auth0.swift.
Mobile apps are considered public clients, so there is no need to provide a `client_secret` (it can be easily retrieved from the app binary).
from auth0.swift.
So you can use https://auth0.github.io/Auth0.swift/documentation/auth0/authentication/login(usernameoremail:password:realmorconnection:audience:scope:)-5yc0w/ for this.
from auth0.swift.
Our use case here is complicated, but rest assured that we are not storing a secret in the app binary. However, we do still need to use the `client_credentials` grant, and I would argue that since it's a function supported by the Auth0 API, it should be possible to call it from the Auth0 Swift SDK without resorting to hacks.
This is how I built the request using the v1 SDK.
```swift
let authentication = Auth0.authentication(clientId: theClientId, domain: theDomain)
let request = authentication.tokenExchange(withParameters: [
    "grant_type": "client_credentials",
    "audience": theAudience,
    "client_secret": theClientSecretThatIsNotHardcodedIntoTheBinarySoYouNeedNotWorry
])
```
And this is how I currently have to achieve the same result with the v2 SDK:
```swift
extension Auth0.Authentication {
    func clientCredentials(audience: String, secret: String) -> Request<Credentials, AuthenticationError> {
        codeExchange(withCode: "", codeVerifier: "", redirectURI: "")
            .parameters([
                "code": nil,
                "code_verifier": nil,
                "redirect_uri": nil,
                "grant_type": "client_credentials",
                "audience": audience,
                "client_secret": secret
            ] as [String: Any?] as [String: Any])
    }
}
```
from auth0.swift.
> However, we do still need to use the client_credentials grant, and I would argue that since it's a function supported by the Auth0 API, it should be possible to call it from the Auth0 Swift SDK without resorting to hacks.
Not all grants are supported for all application types. The client credentials grant is not supported for public clients. Mobile applications are public clients, so it is not supported by our mobile SDKs: https://auth0.com/docs/get-started/applications/application-grant-types#public-applications
from auth0.swift.
Our use case also isn't a public application, but thanks for your assistance anyway.
from auth0.swift.
Could you please expand in more detail on why you need the client credentials grant in particular?
from auth0.swift.
We're using it as an interim solution for device authentication because the Auth0 device flow does not yet support multiple organisations.
I'm not advocating for the client credentials grant to have an explicit method added as I understand that your goal is to discourage use of that where it's a potential security risk. Hence my feature request is for the `token()` function (or even just the `Request` initialisers) to be made public so that we can build our own parameter sets when calling `/oauth/token`.
from auth0.swift.
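For reference, the `/oauth/token` call discussed in this thread can be made directly with `URLSession`, without the `codeExchange` workaround. This is an added example, not part of the thread and not Auth0.swift code; `TokenResponse`, `TokenRequestError`, `formEncode` and `clientCredentialsToken` are hypothetical names, and it assumes the secret is supplied at runtime as the thread describes and that the platform supports async `URLSession` (iOS 15 / macOS 12 or later).

```swift
import Foundation

// Added example: names below are illustrative, not Auth0.swift API.
struct TokenResponse: Decodable {
    let accessToken: String
    let tokenType: String
    let expiresIn: Int
    enum CodingKeys: String, CodingKey {
        case accessToken = "access_token"
        case tokenType = "token_type"
        case expiresIn = "expires_in"
    }
}

enum TokenRequestError: Error {
    case invalidDomain
    case unexpectedStatus(Int)
}

// Percent-encode everything except RFC 3986 unreserved characters, so a
// secret containing "+", "&" or "=" survives form encoding intact.
func formEncode(_ fields: [(name: String, value: String)]) -> Data {
    let unreserved = CharacterSet(charactersIn:
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")
    var pairs: [String] = []
    for field in fields {
        let name = field.name.addingPercentEncoding(withAllowedCharacters: unreserved) ?? ""
        let value = field.value.addingPercentEncoding(withAllowedCharacters: unreserved) ?? ""
        pairs.append("\(name)=\(value)")
    }
    return Data(pairs.joined(separator: "&").utf8)
}

// The secret is passed in at call time and is never logged or persisted here.
func clientCredentialsToken(domain: String, clientId: String, audience: String,
                            secret: String, session: URLSession = .shared) async throws -> TokenResponse {
    guard let url = URL(string: "https://\(domain)/oauth/token") else {
        throw TokenRequestError.invalidDomain
    }
    var request = URLRequest(url: url)
    request.httpMethod = "POST"
    request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
    request.httpBody = formEncode([
        (name: "grant_type", value: "client_credentials"),
        (name: "client_id", value: clientId),
        (name: "client_secret", value: secret),
        (name: "audience", value: audience)
    ])
    let (data, response) = try await session.data(for: request)
    let status = (response as? HTTPURLResponse)?.statusCode ?? -1
    guard status == 200 else { throw TokenRequestError.unexpectedStatus(status) }
    return try JSONDecoder().decode(TokenResponse.self, from: data)
}
```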