Hello. I’m totally confused now with getting Lock to work with 2 client apps - each one is configured to be OIDC Conformant via administrative setting (OAuth tab in advanced settings - OIDC Conformant toggle is true for both client apps). I have 2 client apps (each one is an Angular 4 SPA): admin app and client app. Each app consumes the same API resource for data. I’m using Lock 10 in each client app to authenticate the user attempting to use the app. The admin app will allow social connections to authenticate. However, the client app is invitation only and is limited to UserName/Password to authenticate the user. The admin app creates an invitation and uses Auth0’s Management API to create the user and then sends the invitation via email.
I have this flow working, however, when I go to log the invited user into the client app, I get this error message:
Password login is disabled for clients using externally hosted login pages with oidc_conformant flag set.
I turned off the OIDC Conformant toggle in the admin area just for the client app, however, Auth0 in this configuration does not return a JWT access token. It returns a very small string instead (I think it’s referred to as an opaque token??).
It seems I’m stuck. I cannot log in using username/password for my OIDC Conformant client app and if I turn that off, I do not receive a JWT token. I’ve seen other posts suggesting using a hosted login page. I played around with the preview of the hosted login page for each client app and received the exact same error message from above.
I’m totally stuck and confused. Can someone please help provide a direction?
My requirements are as follows:
- Admin app accessible via username/password or social networks
- Client app accessible by only username/password
- Access to client app is by invitation only
- Admin & client apps are Angular 4 SPAs using Lock version 10
- I prefer to be able to use Lock in each client app as I really like the UI Lock provides and it’s easy to configure.
Thanks for your help.