We have an ionic2 (3.6.0) application and a couple social logins enabled.
using npm isntall “auth0-js”: “^8.6.1”, “auth0-lock”: "^10.16.0"
and tried CDN as well (verses npm packages)
We compile/deploy to platforms including Mobile (android and iOS) and Desktop (browser). I followed the new way of doing Mobile auth0 which requires using inappbrowser and safariviewcontroller to do the PKCE trusted browser mode of login. I don’t really like it but sure… it seems to work.
However, when running in Desktop/Web/Browser mode (you know,… just running the ionic2 app from your browser), I have had zero (0, nil, nada, zilch) success getting (google) oauth to work. To make things frustratingly worse,… this is only happening during a production build with AOT is involved.
- either we get the dreaded google sameorigin block (below). I think this is related to having inappbrowser cordova plugin installed. Somehow and somewhere using auth0-lock, there is an iframe involved and google won’t allow that. …
Refused to display ‘https://accounts.google.com/o/oauth2/auth?response_type=code&redirect_uri=https%3A%2F%2Fme.auth0.com%2Flogin%2Fcallback&scope=email%20profile&state=0KSHCiyfU7ssTdny81ol_QQwbdVRHB5a&client_id=_some_client_id’ in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’.
- or,… without inappbrowser, I get the dreaded white-screen-of-death popup window with an “OK” displayed in it.
As many examples as there are out there of auth0… I feel like I am the only person on the entire Internet to be using auth0 with ionic2 in browser/desktop/hybrid-webapp mode.
I will create an example if anyone is willing to help me solve this.