auth0 / auth0-oidc-client-net Goto Github PK

Description

In WPF applications, the Auth0 flow login always needs to be opened in a separate window. This is due to the fact that the window which contains the browser window always closes after successful login. This prevents us from creating a seamless login experience in WPF.

Prerequisites

[X] I have checked the README documentation.
[X] I have checked the Auth0 Community for related posts.
[X] I have checked for related or duplicate Issues and PRs.
[X] I have read the Auth0 general contribution guidelines.
[X] I have read the Auth0 Code of Conduct.
[X] I am reporting this to the correct repository

Environment

• Version of auth0-oidc-client-net being used : 2.3.1
• Version of the .NET Framework and what type of application (UWP, WinForms etc) : WPF .NET 4.5.2

Reproduction

On the client side, I get the current active window (main application window as well) and pass it into the constructor of PlatformWebView. I then call the login function

// Client side call for Auth0 login to show up in current active window
Window ReturnWindow()
{
    return Application.Current.Windows.OfType<Window>().SingleOrDefault(x => x.IsActive);
}
Func<Window> windowFunc = ReturnWindow;
PlatformWebView platformWebView = new PlatformWebView(windowFunc);
Auth0ClientOptions auth0ClientOptions = new Auth0ClientOptions
{
    Domain = tokenReqParams.Domain,
    ClientId = tokenReqParams.ClientId,
    RedirectUri = tokenReqParams.RedirectUrl,
    Browser = platformWebView
};

var auth0Client = new Auth0Client(auth0ClientOptions);
var loginResult = await auth0Client.LoginAsync();

As soon as the login flow succeeds, the main application window shuts down essentially closing the application.

Hello,

I've configured a custom domain per the docs here: https://auth0.com/docs/custom-domains

When the app navigates to the auth page, the following message appears:

Domain configuration tests out okay...

Does the OIDC client support custom domains?

When logging in, we should be able to pass in information to the login screen, for example, so that the user does not have to re-enter email address. It doesn't seem like this is possible. In our case we are using the Auth0 passwordless auth flow.

Hello, I have a WinForms app that targets .Net Framework 4.6.1. With VS2017 I add the Nuget reference to this library and normal login works. However when I try to call RefreshTokenAsync I get a MissingMethodException at runtime.

Should this package work with 4.6.1? Is there an alternative package I should be using? BTW, the Nuget install of the package seems to silently fail and I have to force the install from the console with "Install-Package Auth0.OidcClient.WinForms -Version 1.2.0" which worries me a bit.

In Auth0 there is support for JsonWebSignatureAlgoritjm HS256.
And we are using that.
But there is currently no support for HS256 in OIDC client.
And we can not switch to another algorithm easily.
Please, add support for HS256 in OIDC client.

We’ve received several reports from users on iOS that they’re now unable to log into our Xamarin.Forms app. Many of the reports are from users who have iPhone X and are running iOS 12.x

Based on our error logging we’ve found quite a few instances of two specific errors after calling Auth0Client.LoginAsync(extraParameters). The LoginResult.Error is “Error loading discovery document: Error connecting to https://{auth0tenant}.auth0.com/.well-known/openid-configuration: A task was canceled.”
or
“Error loading discovery document: Error connecting to https://{auth0tenant}.auth0.com/.well-known/openid-configuration: An error occurred while sending the request”

Here’s a stack trace from one of these errors:

Message: Error loading discovery document: Error connecting to https://{auth0tenant}.auth0.com/.well-known/openid-configuration: A task was canceled.
IdentityModel.OidcClient.OidcClient.EnsureProviderInformationAsync() in <73424da05e224d8489755ed33593dddc#63812a54afbdd64580b3a5b121123909>:0
IdentityModel.OidcClient.OidcClient.EnsureConfigurationAsync() in <73424da05e224d8489755ed33593dddc#63812a54afbdd64580b3a5b121123909>:0
IdentityModel.OidcClient.OidcClient.LoginAsync() in <73424da05e224d8489755ed33593dddc#63812a54afbdd64580b3a5b121123909>:0
IdentityModel.OidcClient.OidcClient.LoginAsync() in <73424da05e224d8489755ed33593dddc#63812a54afbdd64580b3a5b121123909>:0
RiderXApp.Ios.LoginUIService.DisplayLoginUi() in <bc7f553aeaa44b3286b19cf4bbdfbc68#63812a54afbdd64580b3a5b121123909>:0
RiderXApp.Portable.LoginPageModel.DisplayLoginUi() in <3bb84c2a643e481e96115268db26fa74#63812a54afbdd64580b3a5b121123909>:0
Message: A task was canceled.
System.Net.Http.HttpClientHandler.SendAsync() in <6a949247cae943bba6c87f3db5f4b779#63812a54afbdd64580b3a5b121123909>:0
System.Net.Http.HttpClient.SendAsyncWorker() in <6a949247cae943bba6c87f3db5f4b779#63812a54afbdd64580b3a5b121123909>:0
IdentityModel.Client.DiscoveryClient.GetAsync() in <4b7ba16f640c48e1bc7f205c5de390e2#63812a54afbdd64580b3a5b121123909>:0

We’re using version 2.0.0 of the Auth0.OidcClient.iOS package from NuGet in our app.

We’re having a hard time understanding what would cause this issue and would appreciate any help.

Describe the problem you'd like to have solved

Currently, if we try to use Auth0.OidcClient with Forms solution with Xamarin.Android project and we add Auth0.OidcClient.Android package to Android project, if we use Forms 4.5 and above, we will get an error. This error is since Forms 4.5 no longer use Android.Support libraries and instead it migrated to AndroidX ones.

Describe the ideal solution

Ideally, the OidcClient package for Android will migrate also to AndroidX packages. This way, we won't have to install any of the legacy support packages.

Alternatives and current work-arounds

Current workaround is to install Xamarin.Android.Support.CustomTabs package. This is not the ideal solution, since the support packages are no longer updated and this package also brings a lot of dependencies with it.

Hi ,

Currently in my Xamairn.Android I have 2 activities Mainactivity and SignoutActivity.
In my Mainactivity I have a button where when user clicks the button it goes to SignoutActivity.
Here I have implemented the signout codes of Auth0.
Here are the codes-

MainAcitivity-

   this.Signout.Click += delegate
        {
             using (var intent = new Intent(this, typeof(SignOutActivity)))
                {
                    this.StartActivity(intent);
                }
        };

SignOutAcitivity-

  protected override void OnCreate(Bundle savedInstanceState)
    {
        base.OnCreate(savedInstanceState);
        this.LogoutAsync();
        Finish();
        
    }
public async Task<BrowserResult> LogoutAsync()
    {
        var clientOptions = new Auth0.OidcClient.Auth0ClientOptions
        {
            Domain ="",
            ClientId = "",
            Scope = "openid email offline_access",
            Browser = new PlatformWebView()
        };
        var logoutUrl = "Signout URl";
        string redirectUri = "I have proper callback uri";
 
        Dictionary<string, string> dictionary = new Dictionary<string, string>();
        dictionary.Add("client_id", "random1234");
        dictionary.Add("returnTo", clientOptions.RedirectUri);

        string endSessionUrl = new RequestUrl(logoutUrl).Create(dictionary);

        var logoutRequest = new LogoutRequest();
        BrowserResult browserResult = null;

        browserResult = await clientOptions.Browser.InvokeAsync(new BrowserOptions(endSessionUrl, redirectUri)
        {
            Timeout = TimeSpan.FromSeconds((double)logoutRequest.BrowserTimeout),
            DisplayMode = logoutRequest.BrowserDisplayMode
        });
       
        return browserResult;
    }

Platformview-

class PlatformWebView : IBrowser
{
    public Task<BrowserResult> InvokeAsync(BrowserOptions options)
    {
        if (string.IsNullOrWhiteSpace(options.StartUrl))
        {
            throw new ArgumentException("Missing StartUrl", nameof(options));
        }

        if (string.IsNullOrWhiteSpace(options.EndUrl))
        {
            throw new ArgumentException("Missing EndUrl", nameof(options));
        }
        var tcs = new TaskCompletionSource<BrowserResult>();

        void Callback(string response)
        {
            ActivityMediator.Instance.ActivityMessageReceived -= Callback;

            // set result
            if (response == "UserCancel")
            {
                tcs.SetResult(new BrowserResult { ResultType = BrowserResultType.UserCancel });
            }
            else
            {
                tcs.SetResult(new BrowserResult
                {
                    Response = response,
                    ResultType = BrowserResultType.Success
                });
            }
        }
        ActivityMediator.Instance.ActivityMessageReceived += Callback;
        var uri = Android.Net.Uri.Parse(options.StartUrl);
        var intent = new Intent(Intent.ActionView, uri);
        intent.AddFlags(ActivityFlags.NoHistory)
            .AddFlags(ActivityFlags.NewTask);
        Application.Context.StartActivity(intent);
        return tcs.Task;
    }
}
}

Problem is browser never returns to app,Also I have put a debugger at return browserResult,this debugger also does not hit.Please help me.

We have a Xamarin mobile app for both iOS and Android. We used to use the component that launches a webview with the login page, and that's deprecated. Now it launches the phones default browser. The issue is it stays open behind the app with a spinning circle even when a good login occurs. How do we have the web browser automatically close on good login?

konrad.sopala from Auth0 Community asked to me to create a new issue here.

We are experiencing an slow response using the methods RefreshTokenAsync and GetUserInfoAsync. The refresh token takes up to 4.500ms and get user info up to 2.500ms. Our tenant is on a Free plan, is it normal to took too long?

Which SDK does this apply to?
Auth0.OidcClient.Core / Auth0.OidcClient.WPF

Which verison of the SDK you are using?
3.1.2 / 3.1.3

Which version of the platform are you facing this error on?
.Net Standard 2 / .Net Framework 4.7.2

I'm looking at this chunk of code:
https://github.com/auth0/auth0-oidc-client-net/blob/master/src/Auth0.OidcClient.Shared/Auth0Client.cs#L146-L166

What info does LogoutAsync() pass to the endpoint in order to logout the correct user? I see that the clientId is passed, and the logout URL, but I don't see where the individual user's id is passed so that the Auth0 backend knows which user session to end. I see that it DOES work, but I just don't understand HOW. On iOS, the SFWebAuthenticationSession (or ASWebAuthencationSession in iOS 12+) is an isolated browser with its own session and cookies. So when LogoutAsync() is called, the browser that appears to call the logout URL is presumably a fresh secure browser. How does it know which user to logout when it is called?

I'm asking because I'd really like to call the logout endpoint manually in code, not by popping a browser to the user. I understand the rationale for showing a browser when logging in, because the user is passing their credentials to the identity provider. However, if there are no credentials passed at logout, I would assume that logout should be achievable by calling the logout endpoint in code, in response to a button press or something. But I don't see how I can do that without passing the user's id token or something. But I can't find any docs on what those query params may be.

In Winforms, when you do a social login (Facebook) it opens a new tab in the system default browser to that callback with the OK result. A little ugly there. Is there a way to prevent this?

I was able to log into my account and it navigated back to my app, but nothing is called after it.

_auth0Client = new Auth0Client(new Auth0ClientOptions
            {
                Domain = Auth0Config.Domain,
                ClientId = Auth0Config.ClientId
            });

public async Task<Auth0AuthenticationResult> Authenticate()
        {
            var result = await _auth0Client.LoginAsync(new { audience = Auth0Config.Audience });

            return BuildResult(result);
        }

var result = await authService.Authenticate();

// Is never hit
[breakpoint] if (!result.IsError)
                {

                }

Xamarin.Forms: 4.3.0.947036
Auth0.OidcClient.Android: 2.4.3 (having problems with 3.0, see other issue)
Auth0.Core: 6.5.4

I'm using Xamarin.Forms, as per this blog it works fine but when I try and use the above library it updates some of the base packages which must break the auth0 library.

Basically I authenticate fine as per the logs in the portal but I get a null token, pretty similar to this post in the community

Description

The provider i try to use doesn't provide any discovery document.
Is it possible to use this library without discovery document and provider information programmatically?

Prerequisites

• [X ] I have checked the README documentation.
• [ X] I have checked the Auth0 Community for related posts.
• [ X] I have checked for related or duplicate Issues and PRs.
• [ X] I have read the Auth0 general contribution guidelines.
• [ X] I have read the Auth0 Code of Conduct.
• [ X] I am reporting this to the correct repository.

Environment

• Version of auth0-oidc-client-net being used : 2.3.1
• Version of the .NET Framework and what type of application (UWP, WinForms etc) : WPF .NET 4.5.2

Reproduction

consistently reproducable

Please include:

Description

How can I retrieve the user's claims while using a refresh token?

RefreshTokenResult result = await client.RefreshTokenAsync("abc");

LoginResult has the user's claims but RefreshTokenResult doesn't.

Environment

Please provide the following:

• Version of auth0-oidc-client-net being used: Core and WPF 2.3.1
• Version of the .NET Framework and what type of application: .Net Core 2.1 and .Net Framework 4.7.2 (WPF)

Reopening #79

When using the New Universal Login, if in the winforms client you type in the wrong username/password, the browser just closes and gives you an Http error. In the old flow, the browser would remain open during failed attempts.

You showed a screenshot, but you were not using the NEW Universal Login option, which is why you couldn't reproduce.

When running a UWP app on a Windows IoT Core device, authentication always ends on an "Invalid state." error from https://github.com/IdentityModel/IdentityModel.OidcClient2/blob/2.7.0/src/IdentityModel.OidcClient/ResponseProcessor.cs#L48-L50.

Hello,
How do I clear the login cache for auth0? This way I can use multiple facebook/google accounts for testing purposes.

Thanks!

I migrate to this oidc component from old Auth0 component.
I don't really happy with new way of callback via deep links.
I see PrepareLoginAsync and ProcessResponseAsync methods in IAuth0Client.
How can I use them with my own WebView[Controller/Activity] to authorize?
Can you provide example how to use them?

Description

I'm trying to run the android sample app downloaded from the auth0 site for a xamarin.android and I got the following error:

Android.Util.AndroidRuntimeException: Calling startActivity() from outside of an Activity context requires the FLAG_ACTIVITY_NEW_TASK flag. Is this really what you want?

Prerequisites

• [*] I have checked the README documentation.
• [*] I have checked the Auth0 Community for related posts.
• [*] I have checked for related or duplicate Issues and PRs.
• [*] I have read the Auth0 general contribution guidelines.
• [*] I have read the Auth0 Code of Conduct.
• [*] I am reporting this to the correct repository.

Environment

Please provide the following:

• Version of auth0-oidc-client-net being used: v2.4.0
• Version of the .NET Framework and what type of application (UWP, WinForms etc): Xamarin.Android

Reproduction

• Download the sample xamarin app from the auth0 site after creating the app
• Run the app

When calling LogoutAsync, if the logout redirect url hasn't been set up correctly, this logout will fail to work - but there's no indication that it's failed. LogoutAsync doesn't throw an exception, and there's no return value.

I was following this guide to having auth0 authentication in Xamarin.Forms, but I ran across an exception that I can't find any information about:

at IdentityModel.OidcClient.AuthorizeClient.AuthorizeAsync (IdentityModel.OidcClient.Browser.DisplayMode displayMode, System.Int32 timeout, System.Object extraParameters) [0x00036] in C:\local\identity\model\IdentityModel.OidcClient\src\AuthorizeClient.cs:36
at IdentityModel.OidcClient.OidcClient.LoginAsync (IdentityModel.OidcClient.LoginRequest request) [0x000ee] in C:\local\identity\model\IdentityModel.OidcClient\src\OidcClient.cs:94

var auth0LoginResult = await _auth0Client.LoginAsync(new { audience = Auth0Config.Audience });

This happens on both emulator and device in Android. I set up the intent filter on my activity. I was using Azure AD B2C login on the same device, so I don't think it has to do with my browser. I see here where the exception is, but the guide I was following didn't have to set the browser property.

Auth0.Core - 6.5.4
Auth0.Android/iOS - 3.0.0
Xamarin.Forms - 4.3.0.947036

There's no interface to specify the audience. This is necessary to access APIs. Without an API there isn't really much point in logging into anything.

I guessed, correctly, that I can do something like so –

var extraOptions = new Dictionary<string, string>();
extraOptions["audience"] = "...";
var task = client.LoginAsync(extraOptions);

– and it works, but just remember this when documenting it.

The callback URL instructions in the document don't match the error I get out of it. It wants a much longer, more complicated string. If I put that into the auth0 configuration, it still fails, like so:

Description

I was following this tutorial https://auth0.com/docs/quickstart/native/xamarin#handing-the-callback-url to implement Auth0 Login into my Xamarin.Forms application. To do this I created a DependencyService to address the platform specific code from the tutorial.

During my test I get an exception while using the Auto0Client:

var client = new Auth0Client(new Auth0ClientOptions { Domain = "<Redacted>.eu.auth0.com", ClientId = "<Redacted>" });

I then receive the following exception:

System.TypeLoadException: 'VTable setup of type Auth0.OidcClient.AutoSelectBrowser failed'

I tested on both a physical Device with iOS 13 and an emulator also on iOS 13 with the same result.

Reproduction

• On both the Android and IOS project create a LoginProvider.cs and add the following code:

`[assembly: Dependency(typeof(TerrariumManager.iOS.LoginProvider))]
namespace TerrariumManager.iOS
{
public class LoginProvider : ILoginProvider
{
public async Task Login()
{
var client = new Auth0Client(new Auth0ClientOptions
{
Domain = ".eu.auth0.com",
ClientId = ""
});

        var loginResult = await client.LoginAsync();

        return loginResult.ToString();
    }
}

}`

for IOS and for Android:

`[assembly: Dependency(typeof(TerrariumManager.Droid.LoginProvider))]
namespace TerrariumManager.Droid
{
public class LoginProvider : ILoginProvider
{
public async Task Login()
{
var client = new Auth0Client(new Auth0ClientOptions
{
Domain = ".eu.auth0.com",
ClientId = ""
});

        var loginResult = await client.LoginAsync();

        return loginResult.ToString();
    }
}

}`

In your PCL create a ILoginProvder.cs:

public interface ILoginProvider { Task<string> Login(); }

and call the corresponding code somewhere on a button click or something:

public async Task<string> UserLogin() { string result = await DependencyService.Get<ILoginProvider>().Login(); return result; }

After this implement the platform specific changes (info.plist etc.) according to the manual listed above.

This should lead to the following error (at least in my case):

Environment

Visual Studio 2019 16.3.3
Xamarin 16.3.0.275
Xamarin.IOS 13.2.0.47
Auth0.OidcClient.iOS 3.0.0

We faced this issue sometimes. Not every time we login,That also if user has to input both user id and password.

Password login via OIDC-conformant clients with externally-hosted login pages is unsupported. Alternatively, login could have been initiated from the wrong place (e.g., a bookmark)

is there anything wrong here?
or just auth0 bug?

Also I have read some articles saying we have to set initiate_log_uri,How to do this in Xamarin.Android
thanks
thanks

The library does currently support PrefersEphemeralWebBrowserSession on iOS. It looks like the property is available in Xamarin:

https://docs.microsoft.com/en-us/xamarin/ios/release-notes/api-changes/ios-12-14-0-12-99-0

We recently added support for this to Auth0.Swift--seems like it could be useful here as well.

Describe the problem you'd like to have solved

We have integrated Auth0 into a few of our Xamarin.Forms Applications using your Auth0.OidcClient.AndroidX package. Our current problem is that every time we call LoginAsync, it opens a new external browser window on the mobile device of the user. This leaves the app and makes it impossible to test the flow automated tools like Xamarin Test Cloud. And most importantly, it breaks the user experience if the user sees that he or she is leaving the app. This always leaves a weird impression with many users.

Describe the ideal solution

An ideal solution would be the ability to use an existing embedded WebView. The MSAL library that Microsoft provides to authenticate using Azure AD allows this via the WithUseEmbeddedWebView method.
https://docs.microsoft.com/de-de/azure/active-directory/develop/msal-net-web-browsers

A similar Action would be great to have in the Auth0 Client Login method

The Xamarin iOS package uses SFAuthenticationSession for iOS 11+. The class was deprecated (see https://developer.apple.com/documentation/safariservices/sfauthenticationsession) and we should use ASWebAuthenticationSession instead.

Is PKCE supported by this library? I can't find anything.

I am trying to get a bearer token from a Xamarin native iOS/Android app to call an API. The access token I get from Auth0Client.LoginAsync() is not a proper JWT access token.

Is there a reference sample that does this?

I use Auth0.oidc.client 2.4.2 It works good for ios 12, but when i updated my xcode to "Version 11.0 (11A420a)" and compiled app for ios 13 client.LoginAsync() always return a LogInResult with error, with the description that says “UnknownError”.
Has anyone run into this issue or something similar?

We have an app that uses browser-based login. We set the browser to save userame, but the prompt is not provided when entering username/password. You can download the app from the google play or Amazon app store - Clarigent MHSAFE.

I have tested with other websites and the username prompt works as expected in the silk and chrome browser on kindle fire 7. Our app saves usernames properly on iphone and android phones.

Are there limitations on using browser-based login when saving usernames on kindle Fire 7 tablet?

When I attempt to login using this browser-based implementation, the modal pops up that looks like it is attempting to save the username when I begin to type password, but all this is displayed is a black key. Typically, it is an orange key with a prompt to save username.

In the mobile apps, we used Auth0.OidcClient.iOS for iOS and Auth0.OidcClient.Android for Android. They’re open source libraries from Auth0 for integrating mobile apps with Auth0 - but basically implementations of the OIDC standard.

Just perusing the source real quick, Winforms Auth0Client passes wpf as the platform name into the base constructor.

I want to replace the IBrowser implementation, but ExtendedWebBrowser is internal, so I have to copy this code needlessly. Make this accessible please.

 var client = new Auth0Client(new Auth0ClientOptions
            {
                Domain = domain,
                ClientId = clientId,
                Scope = "openid profile email roles"
            });

i use the latest version of the nuget-package

in my user i can't read the role which the user belongs too :-(

how can i do this?

Using this guide: https://auth0.com/docs/quickstart/native/xamarin#android

I was able to get auth0 implemented and working correctly on both android and iOS. A couple of days ago I decided to update to the latest of Xamarin forms to accommodate the new iOS 13. I updated Auth0.oidc.client to 2.4.2 as well.

Now client.LoginAsync() always return a LogInResult with error, with the description that says “UnknownError”. The app no longer prompt the Webview for user to log in like it did previously. No changes was made to domain or client id, and the code base is still working with the previous release of Xamarin forms and Auth0.oidc.client 2.4.0 (tested on another machine)

Also, this issue only happens on Xamarin forms iOS. Xamarin forms Android is still working correctly.

Has anyone run into this issue or something similar? Any insight would be greatly appreciated!

When using the latest version of the Auth0.OidcClient.WinForms nuget package (3.0.1) in my application, I was getting the following error when calling methods on the client that were in need to display a webview (Login or Logout):

Could not load file or assembly 'Microsoft.Toolkit.Forms.UI.Controls.WebView, Version=5.1.0.0, Culture=neutral, PublicKeyToken=4aff67a105548ee2' or one of its dependencies.

It seems the nuget package Microsoft.Toolkit.forms.UI.Controls.WebView is a dependency not listed in the Auth0.OidcClient.WinForms package dependencies.

Environment

• Version of this library used: 3.0.1
• Version of the platform or framework used: .Net 4.7.2

Hey,
There are problems with the IdentityModel Packet v3.10.x

FileLoadException: Die Datei oder Assembly "IdentityModel, Version=3.7.0.0, Culture=neutral, PublicKeyToken=null" oder eine Abhängigkeit davon wurde nicht gefunden. Die gefundene Manifestdefinition der Assembly stimmt nicht mit dem Assemblyverweis überein. (Ausnahme von HRESULT: 0x80131040)

The underlying IdentityModel.OidcClient library supports (and defaults to) the Hybrid authentication flow, which allows a web server that is not the client application to process identification information and interact with the client. I understand why the Auth0 client defaults to using AuthenticationFlow.AccessCode and ResponseMode.Redirect, but in our case we would like the mobile client's browser session to be able to receive a cookie from the server to support Single Sign-On between native mobile applications and associated web applications simultaneously.

Currently our application is implemented using some native components and some web based components and we would ideally tell the identity provider to pass the token to our web layer, which would set a cookie in the browser for the domain of the web application (which is separate from the identity provider) before redirecting to the application using the custom URI scheme, this way the application can shell to the browser for web application functionality and share the same authentication state as the mobile application. Additionally, the ResponseMode.Redirect does not support passing as much information between the identity provider and the web server, which is less essential for our purposes, but still helpful if the server is able to process the Post request, though it's worth noting that this is only useful for the Hybrid flow since the mobile application is unable to access form post data to its custom URI scheme.

Since these OidcClientOptions properties are not passed through via Auth0ClientOptions, the only way I currently see to override this behavior would be to use Reflection.

On Android and iOS, Is there any specific reason for ignoring custom implementations of IBrowser on the Auth0Client class?

#if __IOS__
    RedirectUri = $"{Foundation.NSBundle.MainBundle.BundleIdentifier}://{options.Domain}/ios/{Foundation.NSBundle.MainBundle.BundleIdentifier}/callback",
    Browser = new PlatformWebView(options.Controller),
#elif __ANDROID__
    RedirectUri = options.RedirectUri ?? $"{packageName}://{options.Domain}/android/{packageName}/callback".ToLower(),
    Browser = new PlatformWebView(options.Activity),

When attempting a login from UWP, WinForms or WPF the browser that is triggered can display various warnings and errors when going through to social logins as the rendering engine is based on an old version of Internet Explorer that many of these sites no longer support.

For example:

Recently we migrated app to V2, but we have problem with Auth0 library under Android 6.0
Authentication works fine under Android 7.0, but on Android 6.0 we get Android.Util.AndroidRuntimeException when calling LoginAsync method of Auth0Client class.
Message is:

Calling startActivity() from outside of an Activity context requires the FLAG_ACTIVITY_NEW_TASK flag. Is this really what you want?

My guess is this isn't an issue with this client specifically, but the implementation of the new universal login, but just going to file here.

When using the New Universal Login, if in the winforms client you type in the wrong username/password, the browser just closes and gives you an Http error. In the old flow, the browser would remain open during failed attempts.

Please do not report security vulnerabilities here. The Responsible Disclosure Program details the procedure for disclosing security issues.

Thank you in advance for helping us to improve this library! Please read through the template below and answer all relevant questions. Your additional work here is greatly appreciated and will help us respond as quickly as possible. For general support or usage questions, use the Auth0 Community or Auth0 Support. Finally, to avoid duplicates, please search existing Issues before submitting one here.

By submitting an Issue to this repository, you agree to the terms within the Auth0 Code of Conduct.

Description

Provide a clear and concise description of the issue, including what you expected to happen.

When a user is prevented from logging in because of a rule, the login window closes and the LoginResult that is returned has everything null except for time variables which are 1/1/0001 12:00AM and isError which is true and Error which is "unauthorized". Ideally, the custom error message from the UnauthorizedError thrown from the rule would show up on the login screen, but I would at least like to have the custom error message returned in the LoginResult object instead of the unspecific "unauthorized".

Reproduction

Detail the steps taken to reproduce this error, what was expected, and whether this issue can be reproduced consistently or if it is intermittent.

Where applicable, please include:

• Code sample to reproduce the issue
• Log files (redact/remove sensitive information)
• Application settings (redact/remove sensitive information)
• Screenshots

1. Create a new Auth0Client and call the LoginAsync method. The login window will show up.
2. Login with a user that will violate a rule (ie. email not verified and the provided auth0 email not verified rule)
3. The login window closes and the LoginResult returned from the LoginAsync call contains isError = true and Error = "unauthorized", but no field containing the custom error message from the rule

Environment

Please provide the following:

• Version of this library used: Auth0.OidcClient.WinForms 3.1.3, Auth0.ManagementApi 7.0.8
• Version of the platform or framework used, if applicable: .NET Framework 4.7.2
• Other relevant versions (language, server software, OS, browser): C#, Windows 10, Edge Chromium
• Other modules/plugins/libraries that might be involved:

We are trying to allow users to log out from our application and then log in again. The first login works just fine, but unfortunately the second login always fails with LoginResult containing the "invalid_state" error. There doesn't seem to be a general problem with the implementation as the issue constanly only affects the second login.

Is there something we have to "reset" before calling LoginAsync a second time? Very similar code on Android works just fine, the issue only occurs on iOS.

This is our implementation - as we are using Xamarin.Forms we are calling the native Auth0 client code within a dependency service. Otherwise, we are following the Xamarin quickstart guide.

class Auth0LoginManager : ILoginManager
{
    public static Auth0Client client = new Auth0Client(new Auth0ClientOptions
    {
        Domain = //redacted
        ClientId = //redacted
        Scope = "openid offline_access profile",
        LoadProfile = true,
    });
 
    public async Task GetUser()
    {      
        var loginResult = await client.LoginAsync(new { audience = "redacted"});
        if (!loginResult.IsError)
        {
            //Transfer auth result to PCL
        }
    }
}

Describe the problem you'd like to have solved

I would like to be able to use these clients in .NET Core WinForms and WPF applications

Describe the ideal solution

Convert the WinForms and WPF project files to the .NET Core format and add netcoreapp3.1 as a TargetFramework

Alternatives and current work-arounds

Implement a custom version of the clients that rely on Auth0.OidcClient.Core in my .NET Core applications. Since Auth0.OidcClient.Core is .NET Standard 2.0 compliant, it can already be used in .NET Core applications without any issue.

Additional context

None

All the links on this page are broken.

Description

Unable to set custom callback URL callback for Auth0.OidcClient.iOS and Auth0.OidcClient.Android (possibly others).
If you setup your Auth0ClientOptions like this:

var callback = "com.myapp.thing://somedomain/ios/com.myapp.thing/callback";
var clientOptions = new Auth0ClientOptions()
{
    ClientId = ...,
    Domain = ...,
    Scope = ...,
    LoadProfile = ...,
    RedirectUri = callback,
    PostLogoutRedirectUri = callback,
};
...
var client = new Auth0Client(clientOptions);

In this instance you define the callback uri which gets passed to the constructor of the Auth0Client object. Within the iOS and Android code itself this is blown away making it impossible to set custom uri callbacks.

The comments for RedirectUri do say that "This should only be done in exceptional circumstances", but practically its impossible to use a custom RedirectUri.

In our particular case our Android app works as it has a .ToLower() on the end of that call bar uri it generates. For iOS we are unable to change our bundle name to be lowercase. That doesn't change the fact that the code is just broken.

The .ToLower() can actually be traced back to a pre2.0 build as listed in the top comment of #10

Prerequisites

• I have checked the README documentation.
• I have checked the Auth0 Community for related posts.
• I have checked for related or duplicate Issues and PRs.
• I have read the Auth0 general contribution guidelines.
• I have read the Auth0 Code of Conduct.
• I am reporting this to the correct repository.

Environment

Using oidc client v2.4 for iOS and 2.4.1 for Android in an Xamarin.Forms application.

showing script error message box, auth0Lock is undefined.