
feat: Add support for fetching rich consents #139

Merged (7 commits), Jan 9, 2025

Conversation

sam-muncke
Contributor

@sam-muncke sam-muncke commented Dec 10, 2024

Description

Adds the ability to retrieve additional consent information from Auth0's /rich-consents endpoint. This is required for certain flows such as Client Initiated Backchannel Authentication (CIBA).

On receipt of a push notification, where required, additional consent can be obtained as follows:

```swift
Guardian
    .consent(forDomain: AppDelegate.guardianDomain, device: enrollment)
    .fetch(consentId: notification.transactionLinkingId, notificationToken: notification.transactionToken)
    .start { result in
        switch result {
        case .failure(let cause):
            // handle error (Swift requires an executable statement in each case)
            print("Failed to fetch consent: \(cause)")
        case .success(let payload):
            // render consent information to user; renderConsent is the app's own
            // UI code, not part of the SDK
            renderConsent(payload)
        }
    }
```

The user can then use the additional information in the consent record to decide whether to allow or reject the request.

Example of rich-consents binding message being rendered in the test app:

Requests to the /rich-consents endpoint require sender constraining via demonstrating proof of possession based on a modified version of the DPoP standard to ensure the access token is bound to the keys used for device enrollment. This change also extends the existing JWT encoding to be able to create a DPoP Proof JWT.

References

Testing

  1. Requires CIBA flow enabled for your Auth0 tenant (currently in Beta).
  2. Enable CIBA grant on your Auth0 application under application settings.
  3. Using the TestApp included in this repo, configure Guardian MFA for iOS using APNs
  4. Enroll the device for a user
  5. Initiate a CIBA auth request
  6. Device should receive a push notification, rendering a consent panel with the CIBA binding message.
  • This change adds test coverage for new/changed/fixed functionality

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not the default branch
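The sender-constraining step described in the PR description above, as an added example that is not part of this PR or of the Guardian SDK: a DPoP proof in the standard RFC 9449 shape is built for a request to the /rich-consents endpoint and then checked the way a resource server would check it. It assumes a P-256 key and ES256 signing via CryptoKit purely for illustration; the SDK's actual enrollment key type, its JWT encoder and the Auth0-specific modifications to DPoP mentioned in the description are not reproduced. The functions `makeDPoPProof` and `verifyDPoPProof`, the tenant URL and the access token value are all constructed for this example.

```swift
import Foundation
import CryptoKit

// Base64url without padding, as JWS segments require.
func base64url(_ data: Data) -> String {
    data.base64EncodedString()
        .replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "_")
        .replacingOccurrences(of: "=", with: "")
}

func base64urlDecode(_ s: String) -> Data? {
    var str = s.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
    while str.count % 4 != 0 { str += "=" }
    return Data(base64Encoded: str)
}

func jsonSegment(_ object: [String: Any]) throws -> String {
    base64url(try JSONSerialization.data(withJSONObject: object, options: [.sortedKeys]))
}

func tokenHash(_ accessToken: String) -> String {
    base64url(Data(SHA256.hash(data: Data(accessToken.utf8))))
}

/// Client side: one proof per HTTP request. `htm`/`htu` bind it to the request,
/// `ath` binds it to the access token, and the embedded `jwk` names the signing key.
/// (Assumed ES256 signing; the SDK's own key type is not reproduced here.)
func makeDPoPProof(key: P256.Signing.PrivateKey, method: String, url: String, accessToken: String) throws -> String {
    let pub = key.publicKey.x963Representation          // 0x04 || X || Y
    let x = pub.subdata(in: 1..<33), y = pub.subdata(in: 33..<65)
    let header: [String: Any] = [
        "typ": "dpop+jwt",
        "alg": "ES256",
        "jwk": ["kty": "EC", "crv": "P-256", "x": base64url(x), "y": base64url(y)]
    ]
    let claims: [String: Any] = [
        "jti": UUID().uuidString,                        // unique per proof, for replay detection
        "htm": method,
        "htu": url,
        "iat": Int(Date().timeIntervalSince1970),
        "ath": tokenHash(accessToken)
    ]
    let signingInput = try jsonSegment(header) + "." + jsonSegment(claims)
    let signature = try key.signature(for: Data(signingInput.utf8))
    return signingInput + "." + base64url(signature.rawRepresentation)   // raw r||s is the JWS ES256 form
}

/// Server side: a valid signature is not enough. The key carried in the proof must be the
/// one registered at enrollment, and the proof must match this request and this token.
/// A `jti` replay cache is also part of the standard and is omitted here.
func verifyDPoPProof(_ proof: String, enrolledKey: P256.Signing.PublicKey, method: String,
                     url: String, accessToken: String, maxSkew: TimeInterval = 300) -> Bool {
    let parts = proof.split(separator: ".").map(String.init)
    guard parts.count == 3,
          let headerData = base64urlDecode(parts[0]),
          let claimsData = base64urlDecode(parts[1]),
          let sigData = base64urlDecode(parts[2]),
          let header = try? JSONSerialization.jsonObject(with: headerData) as? [String: Any],
          let claims = try? JSONSerialization.jsonObject(with: claimsData) as? [String: Any],
          header["typ"] as? String == "dpop+jwt",
          header["alg"] as? String == "ES256",
          let jwk = header["jwk"] as? [String: String],
          let x = base64urlDecode(jwk["x"] ?? ""), let y = base64urlDecode(jwk["y"] ?? ""),
          let proofKey = try? P256.Signing.PublicKey(x963Representation: Data([0x04]) + x + y),
          proofKey.rawRepresentation == enrolledKey.rawRepresentation,   // key binding check
          let signature = try? P256.Signing.ECDSASignature(rawRepresentation: sigData),
          proofKey.isValidSignature(signature, for: Data((parts[0] + "." + parts[1]).utf8)),
          claims["htm"] as? String == method,
          claims["htu"] as? String == url,
          claims["ath"] as? String == tokenHash(accessToken),
          let iat = claims["iat"] as? Int,
          abs(Date().timeIntervalSince1970 - TimeInterval(iat)) <= maxSkew
    else { return false }
    return true
}

// Constructed sample values: placeholder tenant URL and a fake access token.
let enrollmentKey = P256.Signing.PrivateKey()        // stands in for the enrollment key pair
let consentURL = "https://TENANT_DOMAIN/rich-consents/CONSENT_ID"
let token = "constructed-access-token"

let proof = try makeDPoPProof(key: enrollmentKey, method: "GET", url: consentURL, accessToken: token)
let accepted = verifyDPoPProof(proof, enrolledKey: enrollmentKey.publicKey, method: "GET", url: consentURL, accessToken: token)

// The same token presented with a proof from a different key pair is rejected by the
// key-binding check even though the proof's own signature verifies.
let otherKey = P256.Signing.PrivateKey()
let foreignProof = try makeDPoPProof(key: otherKey, method: "GET", url: consentURL, accessToken: token)
let rejected = verifyDPoPProof(foreignProof, enrolledKey: enrollmentKey.publicKey, method: "GET", url: consentURL, accessToken: token)
print("enrolled key accepted: \(accepted), foreign key accepted: \(rejected)")
```

The design point the second call illustrates is why the description talks about binding the token to the enrollment keys: an access token that leaks from the device is useless to anyone who does not also hold the enrollment private key, and the server must compare the proof's key against the enrolled one rather than merely checking that the proof is self-consistent.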

@sam-muncke sam-muncke marked this pull request as ready for review December 11, 2024 12:18
sam-muncke and others added 2 commits December 11, 2024 15:55
* Code review

* removed context path manipulation

* Tests fixed

* Changed method signature to correct

---------

Co-authored-by: Ionut Manolache <ionut.manolache@okta.com>
@sam-muncke sam-muncke requested review from ionutmanolache-okta and Artelas and removed request for ionutmanolache-okta January 8, 2025 12:16
Contributor

@ionutmanolache-okta ionutmanolache-okta left a comment


LGTM

@ionutmanolache-okta ionutmanolache-okta merged commit 78470ec into master Jan 9, 2025
6 checks passed