Skip to content

Comments

Fix Base64Url encoding and harden authentication input validation#919

Merged
kailash-b merged 3 commits intomasterfrom
feat/SDK-7820
Feb 20, 2026
Merged

Fix Base64Url encoding and harden authentication input validation#919
kailash-b merged 3 commits intomasterfrom
feat/SDK-7820

Conversation

@kailash-b
Copy link
Contributor

Changes

This pull request includes three distinct improvements to the Auth0.NET SDK:

1. Improved Validation for ForwardedForIp

  • Added validation for the ForwardedForIp header in authentication API token requests
  • Throws ArgumentException with descriptive message if an invalid IPv4 or IPv6 address is provided

2. Refactored ParseQuotaLimit to Handle Edge Cases

  • Improved the ParseQuotaLimit() method in Extensions.cs to gracefully handle malformed headers instead of throwing exceptions

3. Fixed Base64 URL Encoding

  • Corrected the Base64UrlEncode() method in Utils.cs to properly implement RFC 4648 Base64 URL encoding.

References

Testing

  • This change adds unit test coverage

Checklist

@kailash-b kailash-b requested a review from a team as a code owner February 19, 2026 10:15
@codecov
Copy link

codecov bot commented Feb 19, 2026

Codecov Report

❌ Patch coverage is 97.61905% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 79.35%. Comparing base (e024a15) to head (611915d).
⚠️ Report is 4 commits behind head on master.

Files with missing lines Patch % Lines
src/Auth0.Core/Extensions.cs 96.29% 0 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master     #919      +/-   ##
==========================================
+ Coverage   79.18%   79.35%   +0.17%     
==========================================
  Files         458      458              
  Lines        5932     5957      +25     
  Branches      278      282       +4     
==========================================
+ Hits         4697     4727      +30     
+ Misses       1140     1137       -3     
+ Partials       95       93       -2     
Flag Coverage Δ
authIntTests 30.68% <76.19%> (+0.17%) ⬆️
mgmtIntTests 60.61% <7.14%> (-0.21%) ⬇️
unittests 9.29% <96.66%> (+0.36%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@kailash-b kailash-b changed the title Adds validation and handles some edge cases Adds validation and handles edge cases Feb 19, 2026
@kailash-b kailash-b changed the title Adds validation and handles edge cases Fix Base64Url encoding and harden authentication input validation Feb 19, 2026
@kailash-b kailash-b merged commit 6885501 into master Feb 20, 2026
8 checks passed
@kailash-b kailash-b deleted the feat/SDK-7820 branch February 20, 2026 08:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants