Skip to content
This repository has been archived by the owner on Mar 22, 2021. It is now read-only.

Stop decoding Auth0 client secrets by default #221

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

drewcimino
Copy link

This pull request fixes #149.

As of December 2016, Auth0 is not Base64-encoding the client secrets. Existing secrets on Auth0 are remaining that way, but newly generated ones won't be.

I propose changing the config/knock.rb template to not use JWT.base64url_decode, to maintain out-of-the-box functionality with new Auth0 implementations. That line is specifically written for Auth0 implementations and anyone with a Base64-encoded secret is already using it, so changing the default shouldn't affect them.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Auth0 client secrets shouldn't be Base64-decoded by default in knock.rb
1 participant