expo-authorization-proxy not found
Hello,
I've been using better-auth on native for a while, but my latest builds seem to try to access
expo-authorization-proxy which is not available on my server, is this a breaking feature that wasn't documented?10 Replies
I guess this is the change:
https://github.com/better-auth/better-auth/pull/4990/files?file-filters%5B%5D=.js&file-filters%5B%5D=.mdx&file-filters%5B%5D=.png&file-filters%5B%5D=.ts&file-filters%5B%5D=.tsx&file-filters%5B%5D=.ttf&file-filters%5B%5D=.yaml&file-filters%5B%5D=dotfile&show-deleted-files=true&show-viewed-files=true#diff-a95fa03eaa3ede5409efe90244f6f137c4f09e3354e652b4a4d20500f23c4f40L224
Is there a reason the client is using expo-authorization-proxy even if I don't use that plugin?
GitHub
fix(oauth-proxy): should skip state check for oauth proxy by Bekacr...
fixes #4985
Summary by cubic
Fixes OAuth Proxy callbacks by skipping the state cookie check when requests are proxied, restoring cross-domain OAuth flows. Also adds an Expo authorization proxy an...
cc @bekacru
Update both better-auth and @better-auth/expo
I have both updated, the issue is that it breaks connection to api endpoints that don't have the latest better auth version.
I'm wondering why the client was updated to use the proxy endpoint even in cases where I'm not using that plugin?
@bekacru fyi I'm also getting cloudflare security issues with the expo-authorization-proxy url, tripping their "anomaly detection" ruleset.
Oh are the APIs not in your control
Okay will take a look at this
I managed to update them now and it works. But still it was an unexpected api breaking change :/
It probably makes sense. I’d probably add a config option to set the endpoint name, so if someone encounters that they can change it to something less suspicious 🙂
Still imo the main issue is why are the clients going to the proxy if I’m not using the proxy plugin?
It’s was a security change that’s why it’s breaking. Sorry about that
I see. Anywhere I can read some more on it? Trying to understand how quickly I need to upgrade everything. If I wasn’t using the proxy plugin am I affected?
it's not really a security issue as in a vulnerability but recommendation. Proxy plugin actually skip this protection cause it doesn't really benefit much from it
fyi after updating the server, older expo clients are having issues logging in. This seems to be a major breaking change... still trying to work around it.