java.lang.NoSuchMethodError: 'okhttp3.RequestBody okhttp3.RequestBody.create(byte[], okhttp3.MediaType)'

[majugurci]

Hello,

after upgrading to the version 1.25.0 (from 1.24.0) i get the error in the title when getting TokenHolder.

My code looks the same as in your docs:

AuthAPI authAPI = new AuthAPI("{YOUR_DOMAIN}", "{YOUR_CLIENT_ID}", "{YOUR_CLIENT_SECRET}");
AuthRequest authRequest = authAPI.requestToken("https://{YOUR_DOMAIN}/api/v2/");
TokenHolder holder = authRequest.execute();
ManagementAPI mgmt = new ManagementAPI("{YOUR_DOMAIN}", holder.getAccessToken());

The problem is this line: TokenHolder holder = authRequest.execute();

In previous versions everything worked great but since update to 1.25.0 it throws the following error:

Caused by: java.lang.NoSuchMethodError: 'okhttp3.RequestBody okhttp3.RequestBody.create(byte[], okhttp3.MediaType)'
        at com.auth0.net.CustomRequest.createRequestBody(CustomRequest.java:50)
        at com.auth0.net.ExtendedBaseRequest.createRequest(ExtendedBaseRequest.java:49)
        at com.auth0.net.BaseRequest.execute(BaseRequest.java:29)

[ivarprudnikov]

Identical issue, have reverted to 1.24.0 until further updates.

Resolved dependency tree of 1.24.0 looks like:

+--- com.auth0:auth0:1.24.0
|    +--- com.squareup.okhttp3:okhttp:3.14.9
|    |    \--- com.squareup.okio:okio:1.17.2
|    +--- com.squareup.okhttp3:logging-interceptor:3.14.9
|    |    \--- com.squareup.okhttp3:okhttp:3.14.9 (*)
|    +--- com.fasterxml.jackson.core:jackson-databind:2.11.3 (*)
|    +--- commons-codec:commons-codec:1.15 -> 1.14
|    \--- com.auth0:java-jwt:3.11.0
|         +--- com.fasterxml.jackson.core:jackson-databind:2.10.3 -> 2.11.3 (*)
|         \--- commons-codec:commons-codec:1.14

Resolved dependency tree of 1.25.0 looks like:

+--- com.auth0:auth0:1.25.0
|    +--- com.squareup.okhttp3:okhttp:4.9.0 -> 3.14.9
|    |    \--- com.squareup.okio:okio:1.17.2
|    +--- com.squareup.okhttp3:logging-interceptor:3.14.9
|    |    \--- com.squareup.okhttp3:okhttp:3.14.9 (*)
|    +--- com.fasterxml.jackson.core:jackson-databind:2.11.3 (*)
|    +--- commons-codec:commons-codec:1.15 -> 1.14
|    \--- com.auth0:java-jwt:3.11.0
|         +--- com.fasterxml.jackson.core:jackson-databind:2.10.3 -> 2.11.3 (*)
|         \--- commons-codec:commons-codec:1.14

In my case it is okhttp3 version resolution which causes this (I think) as the error seems to relate to the method deprecated in okhttp3 version 4, ie com.squareup.okhttp3:okhttp:4.9.0 -> 3.14.9

But interestingly different versions of okhttp3 are required within com.auth0:auth0:1.25.0 itself:

• com.squareup.okhttp3:okhttp:4.9.0
• com.squareup.okhttp3:logging-interceptor:3.14.9 that depends on com.squareup.okhttp3:okhttp:3.14.9

[jimmyjames]

Thanks for the detailed info and dependency tree reports. I'm back from holiday this week; will take a look and hopefully get a fix out soon.

[jimmyjames]

I have #325 which is needed (just a bad miss on my part 😞), but I'm actually not able to reproduce this exact issue. If anyone has a small test app that reproduces this issue and could share it in a gist or a simple github repo, that would be great and I can then verify that the fix will indeed address the specific error raised here. Thanks all, apologies for this mistake!

[ivarprudnikov]

Was able to reproduce in https://github.com/ivarprudnikov/test-auth0-java-dependency with a build.gradle file:

plugins {
	id 'java'
	id 'application'
	id "org.springframework.boot" version "2.3.6.RELEASE"
	id "io.spring.dependency-management" version "1.0.10.RELEASE"
}

repositories {
    mavenCentral()
	jcenter()
	maven { url = uri("https://jitpack.io") }
}

sourceCompatibility = "11"

dependencies {
	implementation "com.auth0:auth0:1.25.0"
}

mainClassName = 'hello.HelloWorld'

jar {
    baseName = 'test-auth0-gradle'
    version =  '0.1.0'
}

There are Github actions enabled and it tries to run the app which generates the failure we talk about here.

[jimmyjames]

Fantastic, thank you @ivarprudnikov! I'm able to reproduce the issue with your example. I suspect it's the spring dependency management plugin using its bom for okhttp v3, overriding auth0-java's dependency on v4, but need to investigate more.

[jimmyjames]

If I remove the Spring dependency management plugin (io.spring.dependency-management), the provided example works as expected. The Spring dependency management specifies OkHttp version 3, which overrides the dependency on v4 in this library.

As noted above, the specific issue is the change that replaced the (now deprecated as of version 4) call to RequestBody.create with its new form, and when using OkHttp v3, that method obviously doesn't exist.

I've not worked extensively with the Spring dependency management plugin, but I have had to find some workarounds in the past to override dependency versions using an extension property, e.g. something like:

ext {
    set 'okhttp3.version', '4.9.0'
}

Perhaps someone with more knowledge of that dependency plugin may be aware of another workaround.

[jsalinaspolo]

It could be fixed by adding strictly version into the dependencies

    implementation("com.squareup.okhttp3:okhttp") {
        version {
            strictly '4.9.0'
        }
    }

Or adding the BOM into the dependencyManagement

dependencyManagement {
    imports {
        mavenBom "com.squareup.okhttp3:okhttp-bom:4.9.0"
    }
}

[MarcusBiel]

Having the same issue... please fix asap!

[ogmzh]

Hey guys, any updates on this? Reverting down to 1.24 and trying to do a user update throws a:

com.auth0.exception.APIException: Request failed with status code 400: Payload validation error: 
'Additional properties not allowed: nonce_supported,logins_count,last_login,last_ip,identities,updated_at,created_at,user_id 
(consider storing them in app_metadata or user_metadata. See "Users Metadata" in https://auth0.com/docs/api/v2/changes for more details)'.

[jsalinaspolo]

@zhGio it does not get fix managing the dependencies as described earlier?

The problem is a transitive dependency from Spring.
#324 (comment)

Another solution could be to manage manually transitive dependencies from Spring:
https://docs.gradle.org/current/userguide/resolution_rules.html#sec:disabling_resolution_transitive_dependencies

[ogmzh]

Well unfortunately I'm using maven and not gradle and not sure how to apply the changes above mentioned

[ogmzh]

Ah alright, simply overrode the version in my pom.xml <properties> to <okhttp3.version>4.9.0</okhttp3.version>. Apparently spring boot guys reviewed and rejected the PR to update spring-boot-parent dependency version of okhttp3 to version 4...

Anyway, after the version upgrade I can successfully send the request through the auth0 SDK but I'm still getting the same message as above. Here's my full code snippet:

AuthAPI authAPI = new AuthAPI("{DOMAIN}", "{CLIENT}", "{SECRET}");
AuthRequest authRequest = authAPI.requestToken("{DOMAIN}/api/v2/");
TokenHolder holder = authRequest.execute();

ManagementAPI managementAPI = new ManagementAPI("{DOMAIN}", holder.getAccessToken());
UsersEntity userApi = managementAPI.users();
List<User> users = userApi.listByEmail("{EMAIL}", null).execute();
User someUser = users.get(0);
someUser.setBlocked(true);
userApi.update(someUser.getId(), someUser).execute();

results in:

com.auth0.exception.APIException: Request failed with status code 400: Payload validation error: 
'Additional properties not allowed: nonce_supported,logins_count,last_login,last_ip,identities,updated_at,created_at,user_id 
(consider storing them in app_metadata or user_metadata. 
See "Users Metadata" in https://auth0.com/docs/api/v2/changes for more details)'.

UPDATE: I figured out what went wrong but I'm dumbfounded as to why this was implemented this way, and going to leave the comment here so it might be useful for someone else.

So I considered the 'additional properties not allowed:' message and I removed them from the listUsersByEmail call, like:

FieldsFilter ff = new FieldsFilter()
List<User> users = userApi.listByEmail("{EMAIL}",
	ff.withFields("nonce_supported", false)
		.withFields("logins_count", false)
		.withFields("last_login", false)
		.withFields("last_ip", false)
		.withFields("identities", false)
		.withFields("updated_at", false)
		.withFields("created_at", false)
).execute();

User someUser = users.get(0);
String userId = someUser.getId(); // important to reassign the user id!
someUser.setBlocked(false); // your logic, what do you want to update
someUser.setId(null); // important to set this to null again
userApi.update(userId, someUser);

Note that I had to save the userId and then set the userId to null before sending the update request so that the request isn't bounced again (note that the 'Additional properties' message also included the user_id.

[nayomnik]

in android studio I did what @jsalinaspolo said above but still saw it red and then after 'invalidate cashs/restart' got it worked finally

[jimmyjames]

@zhGio I think the 400 error is unrelated to the OkHttp version, as it's an error being returned from the management API after making the request. If that is something specific to this SDK (e.g., a similar request done in a REST client is successful), please open up a new issue here for that.

[jimmyjames]

As noted above, if using spring dependency management, the solution is to add the okhttp v4 to the Spring BOM. We will update the README to include this information.

[Marcus-Biel-idnow]

I am not using spring, and I don't see why this is necessary at all.

[majugurci]

I don't know why this is closed since it's not fixed.
I have tried with version 1.27.0 but it still gives the same error.
I'm not using Spring, I'm using Quarkus.

What can we do to avoid this exception?
We are forced to stay on version 1.24.0 in which everything works fine.

[jsalinaspolo]

@majugurci I am not familiar with Quarkys, but does it use an old OkHttp version?
Are you not able to fix managing the dependencies described here?
#324 (comment)

If Quarkus or any other framework uses an old version of OkHttp and makes it a transitive dependency, it will need to be managed in the dependency management tool you use

[majugurci]

Quarkus uses maven for dependency management.

I have tried to override okhttp dependency like here but then it gives me another error:

java.lang.NoSuchFieldError: Companion
	at okhttp3.internal.Util.<clinit>(Util.kt:71)
	at okhttp3.HttpUrl$Builder.parse$okhttp(HttpUrl.kt:1239)
	at okhttp3.HttpUrl$Companion.get(HttpUrl.kt:1633)
	at okhttp3.HttpUrl$Companion.parse(HttpUrl.kt:1642)
	at okhttp3.HttpUrl.parse(HttpUrl.kt)
	at com.auth0.client.auth.AuthAPI.createBaseUrl(AuthAPI.java:177)
	at com.auth0.client.auth.AuthAPI.<init>(AuthAPI.java:74)
	at com.auth0.client.auth.AuthAPI.<init>(AuthAPI.java:96)

After looking at effective pom i see 3 mentions of okhttp:

      <dependency>
        <groupId>com.squareup.okhttp3</groupId>
        <artifactId>logging-interceptor</artifactId>
        <version>3.14.9</version>
      </dependency>
      <dependency>
        <groupId>com.squareup.okhttp3</groupId>
        <artifactId>okhttp</artifactId>
        <version>3.14.9</version>
      </dependency>
      <dependency>
        <groupId>io.grpc</groupId>
        <artifactId>grpc-okhttp</artifactId>
        <version>1.34.0</version>
      </dependency>

I have tried to also update logging-interceptor but then it throws this Exception:

java.lang.NoClassDefFoundError: Could not initialize class okhttp3.internal.Util
	at okhttp3.HttpUrl$Builder.parse$okhttp(HttpUrl.kt:1239)
	at okhttp3.HttpUrl$Companion.get(HttpUrl.kt:1633)
	at okhttp3.HttpUrl$Companion.parse(HttpUrl.kt:1642)
	at okhttp3.HttpUrl.parse(HttpUrl.kt)
	at com.auth0.client.auth.AuthAPI.createBaseUrl(AuthAPI.java:177)
	at com.auth0.client.auth.AuthAPI.<init>(AuthAPI.java:74)
	at com.auth0.client.auth.AuthAPI.<init>(AuthAPI.java:96)

If i try to update grpc-okhttp nothing relevant happens.

[MarcusBiel]

I use Quarkus as well, and I just ran mvn dependeny:tree on my project. The only dependency using okhttp3 is auth0:
[INFO] +- com.auth0:auth0:jar:1.24.0:compile
[INFO] | +- com.squareup.okhttp3:okhttp:jar:3.14.9:runtime
[INFO] | | - com.squareup.okio:okio:jar:1.17.2:runtime
[INFO] | +- com.squareup.okhttp3:logging-interceptor:jar:3.14.9:runtime

It's not fixed, I will stay on 1.24.0 and move away from auth0 as fast as possible.

[jsalinaspolo]

@MarcusBiel could you share the dependency tree using 1.27.0 or provide an example? If you do not have any transitive dependency of okhttp from another library, then you should not have any problem as a newer version of auth0 library uses okhttp 4.9. No conflicts should happen

[majugurci]

After running mvn dependency:tree with Auth0 version 1.27.0 this is what I got:

[INFO] +- com.auth0:auth0:jar:1.27.0:compile
[INFO] |  +- com.squareup.okhttp3:okhttp:jar:3.14.9:runtime
[INFO] |  |  \- com.squareup.okio:okio:jar:1.17.2:runtime
[INFO] |  +- com.squareup.okhttp3:logging-interceptor:jar:3.14.9:runtime

[jsalinaspolo]

The issue is while using Quarkus dependency management, similar to what was describe while using Spring dependency management.

To be able to reproduce the different scenarios, I created this sample repository

Adding it to dependencyManagement should enforce version 4.9.1

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>com.squareup.okhttp3</groupId>
                <artifactId>okhttp-bom</artifactId>
                <version>4.9.1</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>com.squareup.okhttp3</groupId>
                <artifactId>okhttp</artifactId>
            </dependency>
            <dependency>
                <groupId>com.squareup.okhttp3</groupId>
                <artifactId>logging-interceptor</artifactId>
            </dependency>
        </dependencies>
    </dependencyManagement>

[majugurci]

I have tried it and now it really does show version 4.9.0 in dependency tree.

[INFO] +- com.auth0:auth0:jar:1.27.0:compile
[INFO] |  +- com.squareup.okhttp3:okhttp:jar:4.9.0:runtime
[INFO] |  |  +- com.squareup.okio:okio:jar:1.17.2:runtime
[INFO] |  |  \- org.jetbrains.kotlin:kotlin-stdlib:jar:1.4.20:runtime
[INFO] |  |     +- org.jetbrains.kotlin:kotlin-stdlib-common:jar:1.4.20:runtime
[INFO] |  |     \- org.jetbrains:annotations:jar:13.0:runtime
[INFO] |  +- com.squareup.okhttp3:logging-interceptor:jar:4.9.0:runtime     
[INFO] |  |  \- org.jetbrains.kotlin:kotlin-stdlib-jdk8:jar:1.4.20:runtime
[INFO] |  |     \- org.jetbrains.kotlin:kotlin-stdlib-jdk7:jar:1.4.20:runtime

But now when calling

new AuthAPI(auth0Issuer, auth0ClientId, auth0ClientSecret);

it gives me the following error:

java.lang.NoSuchFieldError: Companion
	at okhttp3.internal.Util.<clinit>(Util.kt:71)
	at okhttp3.HttpUrl$Builder.parse$okhttp(HttpUrl.kt:1239)
	at okhttp3.HttpUrl$Companion.get(HttpUrl.kt:1633)
	at okhttp3.HttpUrl$Companion.parse(HttpUrl.kt:1642)
	at okhttp3.HttpUrl.parse(HttpUrl.kt)
	at com.auth0.client.auth.AuthAPI.createBaseUrl(AuthAPI.java:177)
	at com.auth0.client.auth.AuthAPI.<init>(AuthAPI.java:74)
	at com.auth0.client.auth.AuthAPI.<init>(AuthAPI.java:96)

Has anything changed about this call from version 1.24.0?

EDIT:
Effective pom was still showing me old okhhtp version, after restarting VSCode it now shows correct version. But now when calling new AuthAPI(auth0Issuer, auth0ClientId, auth0ClientSecret) for the first time it gives me the error from above, and on any further call it gives me this:

java.lang.NoClassDefFoundError: Could not initialize class okhttp3.internal.Util
	at okhttp3.HttpUrl$Builder.parse$okhttp(HttpUrl.kt:1239)
	at okhttp3.HttpUrl$Companion.get(HttpUrl.kt:1633)
	at okhttp3.HttpUrl$Companion.parse(HttpUrl.kt:1642)
	at okhttp3.HttpUrl.parse(HttpUrl.kt)
	at com.auth0.client.auth.AuthAPI.createBaseUrl(AuthAPI.java:177)
	at com.auth0.client.auth.AuthAPI.<init>(AuthAPI.java:74)
	at com.auth0.client.auth.AuthAPI.<init>(AuthAPI.java:96)

[jimmyjames]

Reopening based on above, thanks for providing the sample to reproduce, we'll follow up here with additional info once we reproduce and see what the solution may be.

[jimmyjames]

@majugurci I think that error is similar, but related to grpc-okhttp as you mentioned. Curious, what happens if you add this to your dependencyManagement?

<dependency>
    <groupId>com.squareup.okio</groupId>
    <artifactId>okio</artifactId>
    <version>2.10.0</version>
</dependency>

[majugurci]

It seems to fix the problem!
I will test it more thoroughly in the next days but for now this basic call has passed.

Now my pom.xml looks like this:

  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>${quarkus.platform.group-id}</groupId>
        <artifactId>${quarkus.platform.artifact-id}</artifactId>
        <version>${quarkus.platform.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
      <dependency>
        <groupId>com.squareup.okhttp3</groupId>
        <artifactId>okhttp-bom</artifactId>
        <version>4.9.1</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
      <dependency>
        <groupId>com.squareup.okhttp3</groupId>
        <artifactId>okhttp</artifactId>
      </dependency>
      <dependency>
        <groupId>com.squareup.okhttp3</groupId>
        <artifactId>logging-interceptor</artifactId>
      </dependency>
      <dependency>
        <groupId>com.squareup.okio</groupId>
        <artifactId>okio</artifactId>
        <version>2.10.0</version>
      </dependency>
    </dependencies>
  </dependencyManagement>

Not pretty but at least it works.

[jimmyjames]

The majority of these issues should be resolved in 1.28.1, which includes #342 to use methods available in OkHttp v3. It will be available in Maven Central later today. There may still be scenarios where configuring the dependencies to use OkHttp v4 is still required, and we cannot guarantee that future changes will be compatible forever, but it's a reasonable change that should address the majority of issues reported here. Closing this issue, but we'll continue to monitor for any other issues.

[majugurci]

Just an update, I have updated Auth0 to the latest version (currently 1.30.0) and these changes are not necessary in the pom.xml anymore.

[luonianxin]

Identical issue, have reverted to 1.24.0 until further updates.

Resolved dependency tree of 1.24.0 looks like:

+--- com.auth0:auth0:1.24.0
|    +--- com.squareup.okhttp3:okhttp:3.14.9
|    |    \--- com.squareup.okio:okio:1.17.2
|    +--- com.squareup.okhttp3:logging-interceptor:3.14.9
|    |    \--- com.squareup.okhttp3:okhttp:3.14.9 (*)
|    +--- com.fasterxml.jackson.core:jackson-databind:2.11.3 (*)
|    +--- commons-codec:commons-codec:1.15 -> 1.14
|    \--- com.auth0:java-jwt:3.11.0
|         +--- com.fasterxml.jackson.core:jackson-databind:2.10.3 -> 2.11.3 (*)
|         \--- commons-codec:commons-codec:1.14

Resolved dependency tree of 1.25.0 looks like:

+--- com.auth0:auth0:1.25.0
|    +--- com.squareup.okhttp3:okhttp:4.9.0 -> 3.14.9
|    |    \--- com.squareup.okio:okio:1.17.2
|    +--- com.squareup.okhttp3:logging-interceptor:3.14.9
|    |    \--- com.squareup.okhttp3:okhttp:3.14.9 (*)
|    +--- com.fasterxml.jackson.core:jackson-databind:2.11.3 (*)
|    +--- commons-codec:commons-codec:1.15 -> 1.14
|    \--- com.auth0:java-jwt:3.11.0
|         +--- com.fasterxml.jackson.core:jackson-databind:2.10.3 -> 2.11.3 (*)
|         \--- commons-codec:commons-codec:1.14

In my case it is okhttp3 version resolution which causes this (I think) as the error seems to relate to the method deprecated in okhttp3 version 4, ie com.squareup.okhttp3:okhttp:4.9.0 -> 3.14.9

But interestingly different versions of okhttp3 are required within com.auth0:auth0:1.25.0 itself:

• com.squareup.okhttp3:okhttp:4.9.0
• com.squareup.okhttp3:logging-interceptor:3.14.9 that depends on com.squareup.okhttp3:okhttp:3.14.9

我也遇到了相同的问题，在springboot:2.6.14中引入了okhttp4.9.2,编译时未见有问题，运行时调用则报错,修改为官方推荐的3.14.9后问题解决，solved

[highergao]

Identical issue, have reverted to 1.24.0 until further updates.
Resolved dependency tree of 1.24.0 looks like:

+--- com.auth0:auth0:1.24.0
|    +--- com.squareup.okhttp3:okhttp:3.14.9
|    |    \--- com.squareup.okio:okio:1.17.2
|    +--- com.squareup.okhttp3:logging-interceptor:3.14.9
|    |    \--- com.squareup.okhttp3:okhttp:3.14.9 (*)
|    +--- com.fasterxml.jackson.core:jackson-databind:2.11.3 (*)
|    +--- commons-codec:commons-codec:1.15 -> 1.14
|    \--- com.auth0:java-jwt:3.11.0
|         +--- com.fasterxml.jackson.core:jackson-databind:2.10.3 -> 2.11.3 (*)
|         \--- commons-codec:commons-codec:1.14

Resolved dependency tree of 1.25.0 looks like:

+--- com.auth0:auth0:1.25.0
|    +--- com.squareup.okhttp3:okhttp:4.9.0 -> 3.14.9
|    |    \--- com.squareup.okio:okio:1.17.2
|    +--- com.squareup.okhttp3:logging-interceptor:3.14.9
|    |    \--- com.squareup.okhttp3:okhttp:3.14.9 (*)
|    +--- com.fasterxml.jackson.core:jackson-databind:2.11.3 (*)
|    +--- commons-codec:commons-codec:1.15 -> 1.14
|    \--- com.auth0:java-jwt:3.11.0
|         +--- com.fasterxml.jackson.core:jackson-databind:2.10.3 -> 2.11.3 (*)
|         \--- commons-codec:commons-codec:1.14

In my case it is okhttp3 version resolution which causes this (I think) as the error seems to relate to the method deprecated in okhttp3 version 4, ie com.squareup.okhttp3:okhttp:4.9.0 -> 3.14.9
But interestingly different versions of okhttp3 are required within com.auth0:auth0:1.25.0 itself:

• com.squareup.okhttp3:okhttp:4.9.0
• com.squareup.okhttp3:logging-interceptor:3.14.9 that depends on com.squareup.okhttp3:okhttp:3.14.9

我也遇到了相同的问题，在springboot:2.6.14中引入了okhttp4.9.2,编译时未见有问题，运行时调用则报错,修改为官方推荐的3.14.9后问题解决，solved

this is right help me so much thank you