Giters

ramosbugs / openidconnect-rs

OpenID Connect Library for Rust

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Failed to get ID token from Auth0 due to "untagged enum Timestamp"

jmmv opened this issue · comments

commented

Hello,

I'm trying to use this crate (version 2.5.0) against Auth0 and I'm running into some issues. It's possible that this is caused by me misusing the crate's API, but... the code I have so far is a direct copy/paste of the sample code in the documentation, so there may be an actual bug.

When I issue the exchange_code call to obtain an ID token right after I get a callback redirect, I get an error of type RequestTokenError::Parse. Here is the error message (first field of the Parse type):

Error { path: Path { segments: [] }, original: Error(\"Failed to parse payload JSON: Error(\\\"data did not match any variant of untagged enum Timestamp\\\", line: 1, column: 466)\", line: 1, column: 1626) }

And then this is the content (second field of the Parse type) I got back from the server (tokens redacted):

{\"access_token\":\"some secret stuff\",\"id_token\":\"more secret stuff\",\"scope\":\"openid profile\",\"expires_in\":86401,\"token_type\":\"Bearer\"}"}

I suspect the problem is caused by the untyped expires_in field, but as far as I can tell, that's a valid reply from the server.

Note that I had to explicitly capture the Parse error and turn the raw byte output from the server into a string to print it out. (It'd be nice if the default Debug on Parse did this, as it was pretty annoying to decode the actual output I got from the server.)

Could you advice? Am I really misusing something, or does the code in the crate need some extra type annotations for proper deserialization?

Thank you!

commented

Looking further into this, the problem is coming from the content of the ID token itself. When decoding it via jwt.io, I get:

{
  "nickname": "jmmv",
  "name": "some@email.address",
  "picture": "gravatar URL",
  "updated_at": "2023-02-15T14:10:56.330Z",
  "iss": "https://dev-foobar.us.auth0.com/",
  "aud": "some value",
  "iat": 1676653285,
  "exp": 1676689285,
  "sub": "auth0|some value",
  "sid": "some value",
  "nonce": "ekkh3mqcD_NOZD2rpf7kFA"
}

and passing the base64-encoded token to CoreIdToken::from_str results into the same error...

commented

... and this is a dup of #23. Glad there is a feature to fix this!