profile
viewpoint

artdent/mingus-python3 4

Automatically exported from code.google.com/p/artdent-mingus-python3

artdent/react-native-chrome-custom-tabs 4

Use Chrome Custom Tabs from React Native on Android

artdent/objectivedart 2

Simple fretboard trainer web app

artdent/approaches-to-styling 0

A comparison of several approaches to styling a React app.

artdent/chicago-brick 0

Software that displays content on a multi-node video wall.

artdent/clock-skew 0

A library for calculating the clock skew between a local and a remote clock.

artdent/CodeMirror 0

An editable-iframe based code editor in JavaScript

artdent/CodeMirror2 0

In-browser code editor

artdent/dygraphs 0

Interactive visualizations of time series using JavaScript and the HTML canvas tag. Issue tracker at http://code.google.com/p/dygraphs/issues/list

artdent/emoji-mart 0

One component to pick them all 👊🏼

issue openedokta/okta-react-native

okta-react-native: different android/ios behavior of `introspectAccessToken`

I'm submitting this issue for the package(s):

  • [ ] jwt-verifier
  • [ ] okta-angular
  • [ ] oidc-middleware
  • [ ] okta-react
  • [x] okta-react-native
  • [ ] okta-vue

I'm submitting a:

  • [x] Bug report <!-- Please search GitHub for a similar issue or PR before submitting -->
  • [ ] Feature request
  • [ ] Other (Describe below)

Current behavior

The introspectAccessToken function provided by okta-react-native behaves differently on Android and on iOS.

On iOS, it resolves with the entire contents of the token. On Android, it only includes a hard-coded list of fields. This means that if you have extra claims on your access token, they are not available in the Android implementation.

Expected behavior

The function should return the entire token on both platforms.

The easiest way to do this would be to move the implementation out of native code and into js. All of the token introspection functions could be implemented the same way that getUserFromIdToken currently is: retrieve the token from the native module, and then call jwt.decode() on it. (That's the workaround to this bug, incidentally.)

Minimal reproduction of the problem with instructions

import {introspectAccessToken} from '@okta/okta-react-native';

// This function will succeed on iOS and fail on Android.
async function retrieveAccessToken() {
  const accessToken = await introspectAccessToken();
  // This assumes you have an extra `groups` claim on your access token.
  if (!accessToken.groups) {
    throw Error('Missing field in access token');
  }
  return accessToken;
}

Extra information about the use case/user story you are trying to implement

n/a

Environment

  • Package Version: @okta/okta-react-native 1.4.0
  • Browser: n/a
  • OS: Android
  • Node version (node -v): n/a
  • Other:

created time in 15 days

issue commentokta/okta-oidc-js

okta-react-native: different android/ios behavior of `introspectAccessToken`

It appears that the SDK still only extracts a hard-coded list of fields: https://github.com/okta/okta-react-native/blob/master/android/src/main/java/com/oktareactnative/OktaSdkBridgeModule.java#L626-L641. Thus, this problem still exists. (Although I assume this issue belongs in that project now.)

artdent

comment created time in 15 days

issue commentmicrosoft/appcenter

Builds independent of branches

Still an issue

mike14u

comment created time in 3 months

more