Auth0 Home Blog Docs

Lock v11: getUserInfo does not work with token from "lock.checkSession"

lock

#1

Hi,

I’m trying to implement a PopUp login with Lock v11 in my javascript app. It works: I can authorize and get user data. But only on login. If I try to refresh the token with lock.checkSession() and use this token to call lock.getUserInfo() I get {"error":"unauthorized","error_description":"invalid credentials"}. I checked that the request send to https://restegourmet.eu.auth0.com/userinfo is the same except the new token.

What could be wrong?

Here is my complete code. O call rg_auth0.init() on page load.

rg_auth0 = {
lock: null,

init: function () { 
    this._init_lock();            
    this._init_events();

    this.refresh_token();
},

refresh_token: function () {
    this.lock.checkSession({}, function(err, authResult) {
        if (err) {
            console.log ("checkSession error", err, authResult);
            return;
        }

        rg_auth0._get_user_info(authResult);           
    });       
}, 

show_lock: function () {
    this.lock.show();
},    

_init_lock: function () {
    this.lock = new Auth0Lock(
        php_to_js.AUTH0_CLIENT_ID,
        php_to_js.AUTH0_DOMAIN,
        {
            autoclose: true,
            auth: {
                redirect: false,
                responseType: 'token',
                audience: php_to_js.AUTH0_AUDIENCE
            }
        }
    );
},    

_init_events: function () {
    // Listening for the authenticated event
    this.lock.on("authenticated", function(authResult) {
        rg_auth0._get_user_info(authResult);
    }); 
},

_get_user_info: function (authResult) {
    console.log ("_get_user_info", authResult);

    rg_auth0.lock.getUserInfo(authResult.accessToken, function(error, profile) {
        
        if (error) {
            console.log ("getUserInfo error", error, profile);
            return;
        }

        console.log("getUserInfo success", authResult, profile);
    });
},

};


#2

I am facing the same exact issue tike the one above but on an SPA react js app


#3

In my case it was related to this issue: https://github.com/auth0/lock/issues/1484

Just add scope parameter to checkSession call or update lock.js to version v10.11.0


#4

will check that tomorrow, but i’m already on lock version 11.9.1