Lock in popup mode, audience and oidcConformant

etienne.deboursetty · October 3, 2017, 1:27am

It seems there is something wrong in the way I do things.

I have the following code:

var lock = new Auth0Lock('secret','domain',{
    oidcConformant: true,
    auth: {
        redirect: false,
        responseType: 'token',
        params: {
            scope: 'openid profile email name'
        },
        audience: 'myaudience'
    }
});

And when I try it on my website, the popup shows up, but instead of coming back to my page once the authentication is finish, it redirects the popup to the original page…

It used to work fine without the audience and without to oidcConformant, but then the token wouldn’t be recognized by my API.

jmangelo · October 3, 2017, 6:59pm

What you experienced is a limitation of the library, in particular, when oidcConformant is enabled (which is required for the use of audience) the popup mode is not supported.

The above is per the information available in the Lock repository, in particular, within the oidcConformant section. In addition, per this issue, it seems this is not intended to be supported.

etienne.deboursetty · October 3, 2017, 7:24pm

@jmangelo : ok thanks. Since I posted this I switched to Auth.js, which does support audience and popup mode.