Add X-Forwarded-For header to Get Token requests [SDK-1941]
Describe the problem you’d like to have solved
I currently have an API that my customers hit to get a token. The API then uses Python to call Auth0 to exchange credentials for a token. The code uses GetToken.login(), GetToken.client_credentials, and GetToken.refresh_token. I’ve noticed that the API supports using the X-Forwarded-For header so that I could include the customer’s IP address and Auth0 would use that IP address for any anomaly detection and for logging activity instead of all customers being tied to my API’s IP address. However, the auth0-python library does not support adding the X-Forwarded-For header to the request.
Describe the ideal solution
The auth0-python GetToken methods support providing an X-Forwarded-For header to the request to the Auth0 API. This could either be a generic optional headers argument added to the method and those headers get added to the request or it could be a specific optional x_forwarded_for argument that gets added to the request headers. That would allow me to inspect the IP address of my incoming request and add that to the request sent to the Auth0 API.
Alternatives and current work-arounds
I currently don’t have any work-arounds in place, which means Auth0 only sees the IP address of my API resulting in one bad user potentially impacting all users. A possible work-around is to stop using the auth0-python library and to simply make requests directly to the Auth0 API myself.
Additional context
N/A
Hi, any news about the capability to set an auth0-forwarded-for header to the python SDK?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have not received a response from our team (apologies for the delay) and this is still a blocker, please reply with additional information or just a ping. Thank you for your contribution! 🙇‍♂️
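The workaround described in the issue (calling the token endpoint directly), as an added example that is not part of the original thread or of auth0-python: it derives the caller's IP, reading the incoming X-Forwarded-For only when the connection comes from one of the API's own proxies, and attaches it to the token request. The tenant URL, proxy range and function names are assumptions; the header name defaults to the auth0-forwarded-for mentioned in the comment above and should be checked against Auth0's documentation.

```python
import ipaddress
import json
import urllib.request

# Constructed values (assumptions): the proxies this API sits behind and a
# placeholder tenant URL. Replace both with your own deployment's values.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
TOKEN_URL = "https://tenant.example.com/oauth/token"


def _trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header=None):
    """Return the end-user IP to report upstream.

    The socket peer is authoritative unless it is one of our own proxies.
    Only then is X-Forwarded-For read, right to left, skipping trusted hops,
    so values a client prepends to the header are never picked up.
    """
    peer = ipaddress.ip_address(peer_addr)
    if not _trusted(peer) or not xff_header:
        return str(peer)
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed entry: fall back to the peer
        if not _trusted(ip):
            return str(ip)
    return str(peer)


def build_token_request(body, peer_addr, xff_header=None,
                        header_name="auth0-forwarded-for"):
    """Build (not send) the token POST carrying the validated client IP."""
    req = urllib.request.Request(
        TOKEN_URL,
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    req.add_header(header_name, client_ip(peer_addr, xff_header))
    return req
```

Pass the returned request to `urllib.request.urlopen` to send it; the body is the same grant payload the SDK call would have sent.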