Angular -- Auth0.js -- Reauthenticate Users for Sensitive Operations


My company would like to implement password reauthentication for our Angular application. We are using Username-Password Database authentication. Our use case is as follows:

  1. User navigates to Page with sensitive information.
  2. User clicks on button to view sensitive information.
  3. Modal pops up and User enters password and clicks “Authenticate.”
  4. Modal has a loading icon indicating reauthorization in progress. Upon successful authorization, modal disappears and the sensitive information appears on the Page.

As you can see, I would like to have the User stay on the same page during the reauthorization process. The issue I’m running into is that a callback URL is required for an authorize call. As a SPA, redirecting back would require reloading the app. Using nonces, I was able to redirect to our callback component and parse out from the authResult’s state the URL of the Page and navigate back to the page. However, this is a bad user experience.

In addition, I don’t see where I can pass the password to a reauthorization endpoint and trigger user verification.

The original posters on these two topics detail almost exactly what I need to do. However, I had no luck in implementing their answers. Auth0.js version 9+ authorize() method does not take a “prompt” or a “maxAge” option, at least for our version.

Is there any way for me to do what I described above?

Thanks in advance.

Edit: I’m looking at this: Call Your API Using Resource Owner Password Flow
Would this be a solution to my use case?

Hey there!

Sorry for such a huge delay in response! We’re doing our best to provide you with the best developer support experience out there, but sometimes our bandwidth is not enough compared to the number of incoming questions.

Wanted to reach out to know if you still require further assistance.