Lock in popup mode, audience and oidcConformant

etienne.deboursetty · October 3, 2017, 1:27am

It seems there is something wrong in the way I do things.

I have the following code:

var lock = new Auth0Lock('secret','domain',{
    oidcConformant: true,
    auth: {
        redirect: false,
        responseType: 'token',
        params: {
            scope: 'openid profile email name'
        },
        audience: 'myaudience'
    }
});

And when I try it on my website, the popup shows up, but instead of coming back to my page once the authentication is finish, it redirects the popup to the original page…

It used to work fine without the audience and without to oidcConformant, but then the token wouldn’t be recognized by my API.

jmangelo · October 3, 2017, 6:59pm

What you experienced is a limitation of the library, in particular, when oidcConformant is enabled (which is required for the use of audience) the popup mode is not supported.

The above is per the information available in the Lock repository, in particular, within the oidcConformant section. In addition, per this issue, it seems this is not intended to be supported.

etienne.deboursetty · October 3, 2017, 7:24pm

@jmangelo : ok thanks. Since I posted this I switched to Auth.js, which does support audience and popup mode.

Topic		Replies	Views
oidcConformant breaks redirectUrl? Help lock , oidc-conformant , audience , auth0-lock	2	3710	March 2, 2018
Audience with embedded Lock as Popup Help lock-10 , api , audience , embedded-lock	13	6948	March 2, 2018
Breaking change in Lock 10.22.0 Help lock , oidc-conformant	4	4387	March 2, 2018
Lock in Popup mode and Consent required Help	2	3637	August 26, 2019
Opaque token returned for hosted lock with audience param Help access-token , api-authorization	3	4399	August 27, 2019

Lock in popup mode, audience and oidcConformant

Related Topics