Skip to content

Added telemetry Support#34

Merged
tanya732 merged 1 commit intomainfrom
add-telemetry-support
Apr 2, 2026
Merged

Added telemetry Support#34
tanya732 merged 1 commit intomainfrom
add-telemetry-support

Conversation

@tanya732
Copy link
Copy Markdown
Contributor

@tanya732 tanya732 commented Mar 30, 2026
edited
Loading

Summary

Adds Auth0-Client telemetry header to JWKS requests made during JWT validation. This enables Auth0 to track SDK usage and version adoption across customer deployments.

Changes

  • New TelemetryProvider class — Builds and caches a Base64url-encoded JSON payload containing the SDK name, version, and Java runtime version.
  • New auth0-client-info.properties resource — Stores the SDK name (springboot-api) and a version placeholder (${version}) that Gradle expands at build time via processResources.
  • Updated JWTValidator — Replaced the default UrlJwkProvider(domain) constructor with a custom createJwkProvider() method that attaches the Auth0-Client and Accept headers to all JWKS endpoint requests.
  • Unit tests — Validates the header value is well-formed Base64 JSON with expected keys, and verifies caching behavior.

How it works

  1. At build time, Gradle's processResources replaces ${version} in auth0-client-info.properties with the project version (e.g., 1.0.0-beta.0).
  2. At runtime, TelemetryProvider.getHeaderValue() reads the properties file from the classpath and constructs a JSON payload:
{"name":"springboot-api","version":"1.0.0-beta.0","java":"17.0.17"}
  1. The JSON is Base64url-encoded (no padding) and sent as the Auth0-Client header on every JWKS request:
Auth0-Client: eyJuYW1lIjoic3ByaW5nYm9vdC1hcGkiLCJ2ZXJzaW9uIjoiMS4wLjAtYmV0YS4wIiwiamF2YSI6IjE3LjAuMTcifQ
  1. JWTValidator.createJwkProvider() constructs the full JWKS URL (https://{domain}/.well-known/jwks.json) and passes custom headers to UrlJwkProvider.

Working sample

// JWTValidator automatically includes telemetry — no user action needed
AuthOptions options = new AuthOptions("your-tenant.auth0.com", "https://your-api-audience");
JWTValidator validator = new JWTValidator(options);

// When validateToken is called, the JWKS fetch includes:
//   GET https://your-tenant.auth0.com/.well-known/jwks.json
//   Headers:
//     Accept: application/json
//     Auth0-Client: eyJuYW1lIjoic3ByaW5nYm9vdC1hcGkiLCJ2ZXJzaW9uIjoiMS4wLjAtYmV0YS4wIiwiamF2YSI6IjE3LjAuMTcifQ
DecodedJWT jwt = validator.validateToken(accessToken, headers,
httpRequestInfo);

You can also inspect the telemetry value directly:

String headerValue = TelemetryProvider.getHeaderValue();
// Decode to verify:
String json = new String(Base64.getUrlDecoder().decode(headerValue), StandardCharsets.UTF_8);
//  {"name":"springboot-api","version":"1.0.0-beta.0","java":"17.0.17"}

@tanya732 tanya732 marked this pull request as ready for review April 2, 2026 07:36
@tanya732 tanya732 requested a review from a team as a code owner April 2, 2026 07:36
@tanya732 tanya732 merged commit f07c64d into main Apr 2, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kailash-b kailash-b kailash-b approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tanya732 @kailash-b