Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AuthenticateWithPasswordAsync throws null ref exception #193

Open
philmiatech opened this issue Jan 30, 2023 · 2 comments
Open

AuthenticateWithPasswordAsync throws null ref exception #193

philmiatech opened this issue Jan 30, 2023 · 2 comments
Labels
bug Something isn't working

Comments

@philmiatech
Copy link

Describe the bug?

When logging in using username & password through the idx client twice in succession, the first attempt succeeds but the second attempt fails with a null ref error.

On the second attempt, the error comes from IdxClient.cs AuthenticateWithPasswordAsync when attempting to access a null remediation object within the IdxResponse (result of IntrospectAsync(...)).

https://github.com/okta/okta-idx-dotnet/blob/Okta.Idx.Sdk%40v2.2.7/src/Okta.Idx.Sdk/IdxClient.cs#L584

Our client is setup like so:

        _idxClient = new IdxClient(
            new Okta.Idx.Sdk.Configuration.IdxConfiguration()
            {
                Issuer = "https://<removed>/oauth2/default",
                ClientId = "<removed>",
                ClientSecret = "<removed>",
                Scopes = new List<string> { "openid", "profile", "offline_access" },
                RedirectUri = "http://<removed>/login/callback", 
            }
        );

And the client's AuthenticateAsync method is called with this snippet:

            var authnOptions = new AuthenticationOptions
            {
                Username = username,
                Password = password,
            };

            var authnResponse = await _idxClient.AuthenticateAsync(authenticationOptions: authnOptions).ConfigureAwait(false);

            if (authnResponse.AuthenticationStatus == Okta.Idx.Sdk.AuthenticationStatus.Success)
            {
                var accessToken = authnResponse.TokenInfo.AccessToken;
            }

What is expected to happen?

Auth works every time.

What is the actual behavior?

"Object reference not set to an instance of an object." error is returned from the AuthenticateWithPasswordAsync method.

Reproduction Steps?

Call login endpoint which uses the idx client (SUCCESS), call endpoint again (FAILURE).

Additional Information?

No response

.NET Version

7.0.102

SDK Version

2.2.7

OS version

Happens using macOS and Windows dev environments.
@philmiatech philmiatech added the bug Something isn't working label Jan 30, 2023
@philmiatech
Copy link
Author

philmiatech commented Jan 31, 2023
edited

Potentially resolving the issue by reinstantiating the client for each request, aka transient scope through DI. The sample project appears to setup the IdxClient similarly using the TransientLifetimeManager.

The Classic Engine Authentication SDK seems to be working as a singleton.

Might be worth updating the readme if this is expected use/behavior for the new Idx sdk.

@philmiatech
Copy link
Author

philmiatech commented Jan 31, 2023
edited

https://github.com/okta/okta-idx-dotnet/blob/master/src/Okta.Idx.Sdk/IIdxResponse.cs#L39 Code documentation for the IIdxResponse class indicates that remediation may be null. So the code in the IdxClient ~line 584 may still fail under other circumstances.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@philmiatech