Hi all,
We are currently successfully using Lock v11 to control authentication via social login, and we also wanted to add the username-password option.
Our Lock is configured with redirect:false.
We are not able to get the username+password login working, as everything collapses when a call to “authorize” is made by the Lock: what we get is an eternal spinner and a 403 from the API.
This is what the call looks like, as we can see from the console:
https://meterian.auth0.com/authorize?client_id=xxx&response_type=token&redirect_uri=http%3A%2F%2Flocal.meterian.com%2Faccount.html&state=yyy&scope=openid%20profile%20email&realm=Username-Password-Authentication&login_ticket=zzzz&response_mode=web_message&prompt=none&auth0Client=kkkk%3D%3D
The social logins work perfectly.
Does anybody have any suggestions? This is the lock configuration:

```js
var lock = new Auth0Lock(lock_id, 'meterian.auth0.com', {
  auth: {
    redirect: false
  },
  allowSignUp: true,
  container: 'login-container',
  rememberLastLogin: false,
  theme: {
    logo: '/images/logo.png',
    primaryColor: 'blue'
  }
});
```
Any help is highly appreciated!
Is anybody keeping an eye on this forum?
Well, for anybody interested, this was fixed by inserting a fake URL as a callback and enabling it as a callback in the web lock config, something like this:

```js
var lock = new Auth0Lock(lock_id, 'meterian.auth0.com', {
  auth: {
    redirect: false,
    responseType: 'token',
    redirectUrl: your_fake_url_here
  },
  allowSignUp: true,
  container: 'login-container',
  rememberLastLogin: false,
  theme: {
    logo: '/images/logo.png',
    primaryColor: 'blue'
  }
});
```

Remember also the responseType: 'token' bit. See some details of a similar issue raised on GitHub here:
opened 12:00AM - 14 Mar 18 UTC
closed 04:50PM - 16 Mar 18 UTC
So we're migrating from Lock 10 to Lock 11.
And sign in only works for the new … Lock if the current page URL is present in the "Allowed Callback URLs" list.
Which doesn't make much sense because we've configured Lock to be `{ auth: { redirect: false } }` and still it's outputting this error:
`iframe-handler.js:53`
GET https://college-consortium-students-develop.auth0.com/authorize?client_id=8ByEbGpPAG0Kne2GPmaN6GACEdNajB5a&response_type=token&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fsections%2F2684%2Fregister&state=45L8V6~wiPvb7m6rJEbmH~nMAFYTnd7a&scope=openid%20email%20app_metadata&realm=Username-Password-Authentication&login_ticket=K9Dez9nTJus8wnkPAYmd8o7eaJycKgLz&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS4zLjAiLCJsaWJfdmVyc2lvbiI6IjkuMy4wIn0%3D 403 ()
So, "Allowed Callback URLs" is all about callbacks and we don't need any callbacks.
Still there's a forced `redirect_url` parameter in the URL and my guess is that it's the trigger for the 403 status error on Auth0 server side.
Perhaps if Lock didn't send any `redirect_url` parameter then it wouldn't respond with a 403 error.
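
As the quoted GitHub issue reports, sign-in only works when the `redirect_uri` Lock sends is present in "Allowed Callback URLs", even with `redirect: false`. The following is an added example, not code from the posters or from Auth0: it parses the `/authorize` request from the first post and models that allow-list check. The comparison rule (normalised exact match) and the allow-list values are assumptions.

```javascript
// Added example: a model of a redirect_uri allow-list check.
// The comparison rule and the allow-list contents are assumptions.

// Normalise a URL for comparison: scheme/host lower-cased and default port
// dropped (both done by the URL parser), fragment ignored.
function normalise(u) {
  const url = new URL(u);
  return url.origin + url.pathname + url.search;
}

// Inspect one /authorize request against the configured callback allow-list.
function checkAuthorizeRequest(authorizeUrl, allowedCallbackUrls) {
  const params = new URL(authorizeUrl).searchParams;
  const redirectUri = params.get('redirect_uri'); // percent-decoded by the parser
  const allowList = allowedCallbackUrls.map(normalise);
  let reason = null;
  if (redirectUri === null) {
    reason = 'no redirect_uri in request';
  } else {
    let candidate;
    try { candidate = normalise(redirectUri); } catch (e) { candidate = null; }
    if (candidate === null) reason = 'redirect_uri is not an absolute URL';
    else if (!allowList.includes(candidate)) reason = `${candidate} is not allow-listed`;
  }
  return {
    redirectUri,
    responseMode: params.get('response_mode'),
    silent: params.get('prompt') === 'none',
    allowed: reason === null,
    reason,
  };
}

// Request from the first post (placeholder values as posted).
const SAMPLE_REQUEST =
  'https://meterian.auth0.com/authorize?client_id=xxx&response_type=token' +
  '&redirect_uri=http%3A%2F%2Flocal.meterian.com%2Faccount.html&state=yyy' +
  '&scope=openid%20profile%20email&realm=Username-Password-Authentication' +
  '&login_ticket=zzzz&response_mode=web_message&prompt=none';

// Constructed allow-lists: one without the page URL, one with it.
const notListed = checkAuthorizeRequest(SAMPLE_REQUEST, ['https://app.example.com/callback']);
const listed = checkAuthorizeRequest(SAMPLE_REQUEST, ['http://LOCAL.meterian.com/account.html']);
console.log(notListed.allowed, notListed.reason);
console.log(listed.allowed, listed.reason);
```

Because the value sent is a single fixed URL once `redirectUrl` is set, the allow-list can stay at one entry instead of growing with every page that hosts Lock.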