I have one old client with client type NO TYPE, and a new one with client type SINGLE PAGE APPLICATION. For passwordless.
Both work on Chrome.
Only NO TYPE works on Safari.
What is the correct client type that behaves the same way as NO TYPE? The choices are Native, Non Interactive Client, Regular Web Application. NO TYPE is no longer an option, you have to select a specific type now.
Choosing the client type will influence other settings applicable to the client application and as you mentioned you now need to select a client type so technically it’s not possible to directly answer your question because a legacy No Type client application could be configured to have settings that most closely resemble the default configuration for Native application in one case and that most closely resemble a Regular Web Application in another.
With the above in mind we need to switch the focus from the client type which I’m assuming in your case is SPA and instead focus on the specific flow you’re implementing and that only works fully in one client application. You mention passwordless; is this passwordles authentication through the hosted login page? Any other information that you can share about authentication flow/endpoints being used might be useful to better troubleshoot this.
Yes, passwordless via email, and I’m hosting my own login page.
My old NO TYPE client was created using all the defaults. Just added a list of Allowed Callback Urls.
Is there a way to print all the settings of my client?
The passwordless flow is working fine for first time users in all configurations. It also works if you click my “logout” link to remove the id_token entry in local storage.
The problem scenario:
- you reach the JWT Expiration date so I serve the login page
- get the magic link in email
- click on it, but you don’t get in. You are back at the login page, confused. Fail.
- hit reload and get in to the app.
My theory: I need to delete the old entry in local storage when the response from getProfile is an error. If not, the app retrieves the old entry when responding to the magic link.
To test that, I want to create a new client like my old one, with a short timeout. But I haven’t been able to get control over the JWT Expiration. My old client was set to 90 days. My new one has 60 seconds, but I don’t see it timing out. The exp in the profile says exp Dec 17 and iat Sept 18.
And then there is this strange issue with Safari. It’s not important for me, just an indicator that something is wrong.
Thanks for any suggestions.
Code:
script src="https://cdn.auth0.com/js/lock-passwordless-1.0.min.js"
var lock = new Auth0LockPasswordless(
AUTH0_CLIENT_ID,
AUTH0_DOMAIN
);
lock.magiclink();
lock.getProfile(hash.id_token, function(err, profile) {
if (err) {
console.log('err', err);
//
// Possibly timed out, so clear cookie here?
//
} else {
loginSuccess(hash.id_token, profile);
}
});