Specifically, I am using an embedded login redirect, and can make it from v9 to 10.24.2 without issue. The way I’m calling lock is like so:
var options = {
auth: {
redirectUrl: 'https://foo.bar/login/complete',
sso: true,
}
};
var lock = new Auth0Lock('auth0_client_id', 'auth0_domain', options);
lock.show();
… though obviously with a real client_id and domain. As the api docs suggest, by default rememberLastLogin is enabled, and I can see my last login with google oauth, press the button, and login with that account.
However, if I add oidcConformant: true to the options object when dealing with v10, or if I upgrade to v11 (without or without oidc), the rememberLastLogin behavior doesn’t seem to happen. In these cases, I notice that a userinfo HTTP endpoint is called by the code instead of the ssodata HTTP endpoint – and also that userinfo is returning interesting information (my email address appears in the response). But the userinfo response doesn’t seem to be used by anything. I get an ordinary username prompt, as if I’d never logged in on this machine before. This is true for both Chrome and FF, and also for multiple subdomains using lock against this auth0 account.
Is it possible I missed a configuration somewhere, either in lock’s settings or in the auth0 account settings? Or is this not expected to work? Or …?