-
Notifications
You must be signed in to change notification settings - Fork 393
feat(W-22697744): DPoP proof JWT on API calls (Phase 3) #2949
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 4 commits
Commits
Show all changes
11 commits
Select commit
Hold shift + click to select a range
44ec1bf
W-22695293: Add Android OAuth2 token exchange analysis for DPoP imple…
wmathurin 8afc2b6
W-22695293: Move OAuth2 token exchange analysis to workspace specs
wmathurin 084b0e9
Merge branch 'dpop' of github.com:forcedotcom/SalesforceMobileSDK-And…
wmathurin bec4b7e
feat(W-22697744): DPoP proof JWT on API calls (Phase 3)
wmathurin 782e88d
review: address PR feedback on W-22697744 Phase 3
wmathurin eb486f3
Fix DPoP fields not persisted in AccountManager
wmathurin d26cb65
Add regression tests for DPoP fields persisted in AccountManager
wmathurin f980913
Fix UserAccountTest serialization tests broken by DPoP fields
wmathurin d9cd846
Allow dpop as valid base branch in TestOrchestrator Danger check
wmathurin 223fdc3
Fix test failures caused by DPoP phase-3 production changes
wmathurin 0e1d6b8
Fix ClientManagerMockTest: stub isUseDPoP() on SalesforceSDKManager mock
wmathurin File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Small cross-platform consistency question on the identity-service path. If proof attachment throws here we log and proceed — but the request still carries
Authorization: DPoP <token>with noDPoPproof header, which the server will reject, so the fallback can't really succeed.iOS made the identity coordinator (
SFIdentityCoordinator) fail-closed for exactly this in commit97a62410a— it bails out and surfaces the error rather than sending an unusable request. Worth noting the resource-API path is fine as-is: both platforms are fail-open there (iOSSFRestRequestlogs and proceeds too), so this is just about the identity call site matching iOS.Not asserting a change — this touches auth/credential handling, so flagging for a conscious call: either match iOS and surface the failure on the identity path, or keep a uniform fail-open policy across all DPoP paths and drop a one-line comment noting it's intentional. What's your preference?
This response was generated by an AI agent on behalf of @JohnsonEricAtSalesforce.