This repository was archived by the owner on Nov 25, 2020. It is now read-only.

auth0-lock v11 and responseType = 'token' #403

Closed
vidaritos opened this issue Sep 21, 2018 · 1 comment

@vidaritos
Contributor

I'm having the most difficult time getting the authorization flow working with Auth0.

I tried first the examples provided by the Auth0 site to integrate the authentication with my SPA, which works fine, but when I use aurelia-authentication plugin using the same config, it fails.
The flow stops at the /authorize endpoint
If I set the responseType = 'token', I get the following error in the console:
Unhandled rejection TypeError: Cannot read property 'token' of null
Other attempts:
responseType = 'token id_token' gives me this error:
Unhandled rejection Error: Only 'token' responseType is supported

responseType = 'token%20id_token' results in /authorize returning HTTP 501

If I change the line

if (typeof provider.responseType === 'string') {
  opts.auth.responseType = provider.responseType;

to

  opts.auth.responseType = provider.responseType.replace('%20', ' ');

It seems to work. /authorize then returns HTTP 200

Should the following if-statement here also include to check responseType === 'token id_token'?

if (provider.responseType === 'token'
|| provider.responseType === 'id_token%20token'
|| provider.responseType === 'token%20id_token'
) {

Or am I missing something here?

I found this auth0/lock#809, indicating responseType = 'token id_token' is now mandatory?

AuthConfig:

export default {
  endpoint: 'api',
  configureEndpoints: ['api'], 
  storageKey: 'aurelia_authentication_auth0',
  providers: {
    auth0: {
      
      oauthType: 'auth0-lock',
      responseType: 'token',
      clientId: 'random',
      clientDomain: 'mydomain.eu.auth0.com',
      lockOptions: {
        auth: {          
          audience: 'http://mydomain.com/api',
          params: { scope: 'openid profile' },
        }
      },
      state: function () {
        return Math.random().toString(36).substr(2);
      }
    }
  }
};
@RWOverdijk
Member

> Should the following if-statement here also include to check responseType === 'token id_token'?

It did, before you removed the %20 :D

provider.responseType === 'token%20id_token'

Anyway, it looks like you caught a bug (or at least some icky code) there. Would you mind sending in a PR?
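
Added example, not part of the original thread and not aurelia-authentication code: one way to compare the responseType spellings discussed above ('token', 'token id_token', 'token%20id_token', 'id_token%20token') without depending on encoding or order. The helper names are hypothetical, and the accepted members are limited to the two values that appear in the thread.

```javascript
// Hypothetical helpers (assumption: only 'token' and 'id_token' are accepted,
// because those are the only response types mentioned in the thread).
const IMPLICIT_TYPES = new Set(['token', 'id_token']);

// Decode a response_type that may carry a percent-encoded space, then return
// its members de-duplicated and sorted, so that neither the encoding nor the
// order of the members affects later comparisons.
function parseResponseType(value) {
  if (typeof value !== 'string') {
    throw new TypeError('responseType must be a string');
  }
  let decoded;
  try {
    decoded = decodeURIComponent(value);
  } catch (err) {
    throw new TypeError('responseType has invalid percent-encoding');
  }
  const parts = decoded.split(/\s+/).filter(Boolean);
  if (parts.length === 0) {
    throw new TypeError('responseType is empty');
  }
  return Array.from(new Set(parts)).sort();
}

// Canonical form with a literal space, so that a single URL-encoding step
// can be applied later when the /authorize request is built.
function normalizeResponseType(value) {
  return parseResponseType(value).join(' ');
}

// True when 'token' is requested and every member is an accepted type.
// Covers the three spellings in the quoted if-statement plus the
// unencoded 'token id_token'.
function requestsAccessToken(value) {
  const parts = parseResponseType(value);
  return parts.includes('token') && parts.every((p) => IMPLICIT_TYPES.has(p));
}
```

Normalizing once at the configuration boundary keeps the string comparison and the value passed to Lock in agreement, and unknown or malformed values are rejected instead of being forwarded to /authorize.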
