Lock v11: getUserInfo does not work with token from "lock.checkSession"

Hi,

I’m trying to implement a PopUp login with Lock v11 in my javascript app. It works: I can authorize and get user data. But only on login. If I try to refresh the token with lock.checkSession() and use this token to call lock.getUserInfo() I get {"error":"unauthorized","error_description":"invalid credentials"}. I checked that the request send to https://restegourmet.eu.auth0.com/userinfo is the same except the new token.

What could be wrong?

Here is my complete code. O call rg_auth0.init() on page load.

rg_auth0 = {
lock: null,

init: function () { 
    this._init_lock();            
    this._init_events();

    this.refresh_token();
},

refresh_token: function () {
    this.lock.checkSession({}, function(err, authResult) {
        if (err) {
            console.log ("checkSession error", err, authResult);
            return;
        }

        rg_auth0._get_user_info(authResult);           
    });       
}, 

show_lock: function () {
    this.lock.show();
},    

_init_lock: function () {
    this.lock = new Auth0Lock(
        php_to_js.AUTH0_CLIENT_ID,
        php_to_js.AUTH0_DOMAIN,
        {
            autoclose: true,
            auth: {
                redirect: false,
                responseType: 'token',
                audience: php_to_js.AUTH0_AUDIENCE
            }
        }
    );
},    

_init_events: function () {
    // Listening for the authenticated event
    this.lock.on("authenticated", function(authResult) {
        rg_auth0._get_user_info(authResult);
    }); 
},

_get_user_info: function (authResult) {
    console.log ("_get_user_info", authResult);

    rg_auth0.lock.getUserInfo(authResult.accessToken, function(error, profile) {
        
        if (error) {
            console.log ("getUserInfo error", error, profile);
            return;
        }

        console.log("getUserInfo success", authResult, profile);
    });
},

};

I am facing the same exact issue tike the one above but on an SPA react js app

In my case it was related to this issue: checkSession drops scopes from original lock constructor · Issue #1484 · auth0/lock · GitHub

Just add scope parameter to checkSession call or update lock.js to version v10.11.0

will check that tomorrow, but i’m already on lock version 11.9.1

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.