chore: sync V3 with master#1126
Merged
sanchitmehtagit merged 10 commits intodevelop/v3.0from Mar 24, 2026
Merged
Conversation
#1109) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: sanchitmehtagit <sanchitnitj@gmail.com> Co-authored-by: nandan_prabhu <nandan.prabhup@okta.com>
#1121) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
sanchitmehtagit
changed the title
There was a problem hiding this comment.
Pull request overview
Syncs the V3 branch with master by merging in upstream changes, updating published docs/artifacts, and aligning tests and CI configuration with the latest SDK behavior.
Changes:
- Bumps SDK/versioned artifacts to 2.18.0 (README install snippets, podspec, Info.plist, Version.swift, changelog).
- Updates Web Auth flow to always generate/pass a nonce and updates related tests.
- Regenerates DocC JSON files and updates docs (DPoP GA wording, adds
isRetryabledocs, adds Management API (Users) examples), plus minor CI action pin bumps.
Reviewed changes
Copilot reviewed 66 out of 816 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/data/documentation/auth0/authentication/logindefaultdirectory(withusername:password:audience:scope:)-4gru8.json | Regenerated DocC JSON for method documentation. |
| docs/data/documentation/auth0/authentication/login(withotp:mfatoken:).json | Regenerated DocC JSON for method documentation. |
| docs/data/documentation/auth0/authentication/login(phonenumber:code:audience:scope:)-8kbii.json | Regenerated DocC JSON for method documentation. |
| docs/data/documentation/auth0/authentication/login(facebooksessionaccesstoken:profile:audience:scope:)-28ncj.json | Regenerated DocC JSON for method documentation. |
| docs/data/documentation/auth0/authentication/login(email:code:audience:scope:)-39g8b.json | Regenerated DocC JSON for method documentation. |
| docs/data/documentation/auth0/authentication/jwks().json | Regenerated DocC JSON for method documentation. |
| docs/data/documentation/auth0/authentication/codeexchange(withcode:codeverifier:redirecturi:).json | Regenerated DocC JSON for method documentation. |
| docs/data/documentation/auth0/authentication/clientid.json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/authentication(session:bundle:).json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/authentication(clientid:domain:session:).json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/auth0error/localizeddescription.json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/auth0error/errordescription.json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/auth0error/cause.json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/auth0error/cause-9wuyi.json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/auth0error/cause-97kwn.json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/auth0apierror/statuscode.json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/auth0apierror/isretryable.json | Adds DocC JSON for new public isRetryable API documentation. |
| docs/data/documentation/auth0/auth0apierror/isnetworkerror.json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/auth0apierror/init(info:statuscode:).json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/auth0apierror/info.json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/auth0apierror/code.json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/apicredentials/tokentype.json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/apicredentials/scope.json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/apicredentials/init(from:)-8e5ds.json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/apicredentials/init(from:)-5sa91.json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/apicredentials/init(accesstoken:tokentype:expiresin:scope:).json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/apicredentials/expiresin.json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/apicredentials/description.json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/apicredentials/decodable-implementations.json | Regenerated DocC JSON for default implementations page. |
| docs/data/documentation/auth0/apicredentials/accesstoken.json | Regenerated DocC JSON for symbol documentation. |
| docs/data/documentation/auth0/apicredentials.json | Regenerated DocC JSON for type page. |
| README.md | Updates install snippet versions to 2.18. |
| EXAMPLES.md | Updates DPoP section wording/anchors, documents isRetryable, and adds Management API (Users) examples. |
| CHANGELOG.md | Adds 2.18.0 changelog entry. |
| Auth0Tests/WebAuthSpec.swift | Updates URL building tests to pass nonce; adds state/nonce tests. |
| Auth0Tests/AuthenticationErrorSpec.swift | Adds test coverage for isRetryable. |
| Auth0/Version.swift | Bumps runtime version constant to 2.18.0. |
| Auth0/Info.plist | Bumps CFBundleShortVersionString to 2.18.0. |
| Auth0/DPoP/SenderConstraining.swift | Removes Early Access availability notes from DPoP docs. |
| Auth0/DPoP/DPoP.swift | Removes Early Access availability notes from DPoP docs. |
| Auth0/Auth0WebAuth.swift | Introduces always-generated nonce + refactors state generation helper. |
| Auth0/Auth0APIError.swift | Makes isRetryable public via public extension. |
| Auth0.podspec | Bumps podspec version to 2.18.0. |
| .github/workflows/main.yml | Updates Codecov GitHub Action pin. |
| .github/actions/setup/action.yml | Updates ruby/setup-ruby GitHub Action pin. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - [Web Auth configuration](#web-auth-configuration) | ||
| - [ID token validation](#id-token-validation) | ||
| - [DPoP [EA]](#dpop-ea) | ||
| - [DPoP](#dpop) |
There was a problem hiding this comment.
The TOC entry was changed to link to #dpop, but the section header still includes [EA] (### DPoP [EA]), which will typically generate an anchor like #dpop-ea on GitHub and break the link. Rename the heading to ### DPoP (and similarly anywhere else [EA] remains) so the anchors match the updated TOC.
| @@ -490,10 +490,7 @@ Auth0 | |||
|
|
|||
| ### DPoP [EA] | |||
There was a problem hiding this comment.
The TOC entry was changed to link to #dpop, but the section header still includes [EA] (### DPoP [EA]), which will typically generate an anchor like #dpop-ea on GitHub and break the link. Rename the heading to ### DPoP (and similarly anywhere else [EA] remains) so the anchors match the updated TOC.
Suggested change
| ### DPoP [EA] | |
| ### DPoP |
Comment on lines
+114
to
116
| .buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults, nonce: Nonce, state: State), | ||
| "domain": Domain, | ||
| "query": defaultQuery(), |
There was a problem hiding this comment.
These URL-building tests now pass a nonce, and buildAuthorizeURL appears to always include nonce in the query. However, the expected query is still defaultQuery() (which, per the provided helper, does not include nonce). This will likely cause the shared behavior assertions to fail. Update the expected query to include the nonce (e.g., extend defaultQuery to accept a nonce parameter or include it in withParameters: for these cases).
Comment on lines
+325
to
334
| func generateRandomString() -> String { | ||
| let data = Data(count: 32) | ||
| var tempData = data | ||
|
|
||
| let result = tempData.withUnsafeMutableBytes { | ||
| SecRandomCopyBytes(kSecRandomDefault, data.count, $0.baseAddress!) | ||
| } | ||
|
|
||
| guard result == 0, let state = tempData.a0_encodeBase64URLSafe() | ||
| guard result == errSecSuccess, let randomString = tempData.a0_encodeBase64URLSafe() | ||
| else { return UUID().uuidString.replacingOccurrences(of: "-", with: "") } | ||
|
|
||
| return state | ||
| return randomString | ||
| } |
There was a problem hiding this comment.
In generateRandomString, SecRandomCopyBytes is called with data.count even though the buffer being filled is tempData. Using tempData.count avoids accidental divergence if this method changes. Also consider creating tempData directly (instead of allocating data then copying) to reduce unnecessary copying (optional).
pmathew92
previously approved these changes
Mar 23, 2026
Contributor
|
source branch can be chore/master2developv3.0 |
NandanPrabhu
approved these changes
Mar 24, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
📋 Changes
Merge Master to V3
resolved conflicts