Skip to content

Comments

Fix Base64Url encoding and harden authentication input validation#919

Merged
kailash-b merged 3 commits intomasterfrom
feat/SDK-7820
Feb 20, 2026
Merged

Fix Base64Url encoding and harden authentication input validation#919
kailash-b merged 3 commits intomasterfrom
feat/SDK-7820

Conversation

@kailash-b
Copy link
Contributor

@kailash-b kailash-b commented Feb 19, 2026

Changes

This pull request includes three distinct improvements to the Auth0.NET SDK:

1. Improved Validation for ForwardedForIp

  • Added validation for the ForwardedForIp header in authentication API token requests
  • Throws ArgumentException with descriptive message if an invalid IPv4 or IPv6 address is provided

2. Refactored ParseQuotaLimit to Handle Edge Cases

  • Improved the ParseQuotaLimit() method in Extensions.cs to gracefully handle malformed headers instead of throwing exceptions

3. Fixed Base64 URL Encoding

  • Corrected the Base64UrlEncode() method in Utils.cs to properly implement RFC 4648 Base64 URL encoding.

References

Testing

  • This change adds unit test coverage

Checklist

@kailash-b kailash-b requested a review from a team as a code owner February 19, 2026 10:15
@codecov
Copy link

codecov bot commented Feb 19, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 97.61905% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 79.35%. Comparing base (e024a15) to head (611915d).
⚠️ Report is 4 commits behind head on master.

Files with missing lines Patch % Lines
src/Auth0.Core/Extensions.cs 96.29% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #919      +/-   ##
==========================================
+ Coverage   79.18%   79.35%   +0.17%     
==========================================
  Files         458      458              
  Lines        5932     5957      +25     
  Branches      278      282       +4     
==========================================
+ Hits         4697     4727      +30     
+ Misses       1140     1137       -3     
+ Partials       95       93       -2
Flag Coverage Δ
authIntTests 30.68% <76.19%> (+0.17%) ⬆️
mgmtIntTests 60.61% <7.14%> (-0.21%) ⬇️
unittests 9.29% <96.66%> (+0.36%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@kailash-b kailash-b changed the title Adds validation and handles some edge cases Adds validation and handles edge cases Feb 19, 2026
@kailash-b kailash-b changed the title Adds validation and handles edge cases Fix Base64Url encoding and harden authentication input validation Feb 19, 2026
@kailash-b kailash-b merged commit 6885501 into master Feb 20, 2026
8 checks passed
@kailash-b kailash-b deleted the feat/SDK-7820 branch February 20, 2026 08:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nandan-bhat nandan-bhat nandan-bhat approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kailash-b @nandan-bhat