DoOIDCCallbackAsync should be allowed for an unauthenticated client #378

Open
@ezhevita

Describe the bug
DoOIDCCallbackAsync can't be called with an unauthenticated client, similar to #348

VaultSharp Version
1.17.5.1

Vault Version
1.18.4

Does this work with Vault CLI?
Yes

Sample Code Snippet

        var tempAuthMethod = new NullAuthMethodInfo();
        var tempClient = new VaultClient(new VaultClientSettings(vaultUri.ToString(), tempAuthMethod));
        var callbackUrl = (await tempClient.V1.Auth.JWT.GetOIDCAuthURLAsync($"{CallbackHost}/oidc/callback", roleName: "oidc-role", mountPoint: "oidc").ConfigureAwait(false)).Data.AuthorizationURL;

        // Getting callback data is omitted for brevity
        string state = "";
        string code = "";

        // Exception!
        var token = (await tempClient.V1.Auth.JWT.DoOIDCCallbackAsync(state, HttpUtility.ParseQueryString(callbackUri.Query)["nonce"], code, mountPoint: "oidc").ConfigureAwait(false)).AuthInfo.ClientToken;

        public class NullAuthMethodInfo : CustomAuthMethodInfo
        {
            public NullAuthMethodInfo() : base("null", () => null)
            {
            }
        }

Exception Details/Stack Trace/Error Message

System.NullReferenceException: Object reference not set to an instance of an object.
   at VaultSharp.V1.AuthMethods.Custom.CustomAuthMethodLoginProvider.<GetVaultTokenAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at VaultSharp.Core.Polymath.<MakeVaultApiRequest>d__21`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at VaultSharp.V1.AuthMethods.JWT.JWTAuthMethodProvider.<DoOIDCCallbackAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at <application code>

Any additional info
Adding unauthenticated: true should be enough to fix this issue.
