Hello!
I log in with Auth0 Lock 10.18 and the Authorization Code Grant flow, specifying my own audience (https://thisIsMyTest) and the scopes I want:
new Auth0Lock('@(Model.ClientId)',
  '@(Model.Domain)',
  {
    container: 'root',
    auth: {
      redirectUrl: '@(new Uri(Request.Url, Url.Content("~/LoginCallback.ashx")).ToString())',
      responseType: 'code',
      params: {
        audience: 'https://thisIsMyTest',
        scope: 'openid email name picture',
        passwordExpiredUrl: '@Url.Action("PasswordExpired", "Account", null, Request.Url.Scheme)'
      }
    },
    language: '@Thread.CurrentThread.CurrentCulture.TwoLetterISOLanguageName',
    forgotPasswordLink: '@Url.Action("ResetPassword")',
  });
I receive a code and exchange it for a token in my LoginCallback.ashx. This token confirms I can access the /userinfo endpoint:
{
  "iss": "https://<my-domain>/",
  "sub": "<Auth0id>",
  "aud": [
    "https://thisIsMyTest",
    "https://<my-domain>/userinfo"
  ],
  "azp": "pr1l6f6GTRrIsa5VSHdCYxlzvZRN5Trb",
  "exp": 1499873942,
  "iat": 1499787542,
  "scope": "openid email name picture"
}
Now, if I use the access token to query the /userinfo endpoint, this is the response I get, which clearly doesn't contain all I want:
{
  "sub": "<auth0id>",
  "email": "mangel@mymail.ie",
  "email_verified": true
}
However, if I perform the initial login exactly the same way but with the audience line commented out, that is without specifying any audience, and use the short access_token returned (16 chars, something like "hhbhGB-KPnlddGAN"), then the response actually contains everything I want, but of course I cannot invoke my API with this token since the audience was not specified:
{
  "given_name": "Miguel",
  "family_name": "Muñoz",
  "email": "mangel@<mymail>.ie",
  "picture": "<url>",
  "nickname": "mangel",
  "last_password_reset": "2017-06-23T15:47:14.767Z",
  "name": "mangel@<mymail>.ie",
  "app_metadata": {
    "isActive": true
  },
  "isActive": true,
  "email_verified": true,
  "user_id": "<auth0id>",
  "clientID": "<clientId>",
  "identities": [
    {
      "user_id": "<id>",
      "provider": "auth0",
      "connection": "Username-Password-Authentication",
      "isSocial": false
    }
  ],
  "updated_at": "2017-07-11T15:47:53.289Z",
  "created_at": "2017-06-23T15:44:00.201Z",
  "sub": "<auth0Id>"
}
Any explanation for this? Anything that I am missing? I would expect the first path to return exactly the same information as the second path when calling the /userinfo endpoint.
Thanks!
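A small diagnostic, added here as an example and not code from the post above or from Auth0: it decodes (without verifying) the JWT access token shown in the post, checks that its `aud` covers the /userinfo endpoint, and maps the requested scopes onto the claims that OIDC Core 5.4 defines for the standard scopes. It assumes the tenant is in OIDC-conformant mode, where /userinfo returns only the claims the standard scopes (`openid`, `profile`, `email`, `address`, `phone`) grant; the sample token, domain and ids are constructed placeholders.

```javascript
// Added example (not from the original post). Inspects an Auth0 access token,
// decoding only, no signature verification, and explains which /userinfo
// claims the requested scopes can yield under OIDC Core 5.4. Assumes an
// OIDC-conformant tenant; the token below is CONSTRUCTED from the post's claims.

// Standard OIDC scopes and the /userinfo claims each one unlocks (OIDC Core 5.4).
const OIDC_SCOPE_CLAIMS = {
  openid: ['sub'],
  profile: ['name', 'family_name', 'given_name', 'middle_name', 'nickname',
    'preferred_username', 'profile', 'picture', 'website', 'gender', 'birthdate',
    'zoneinfo', 'locale', 'updated_at'],
  email: ['email', 'email_verified'],
  address: ['address'],
  phone: ['phone_number', 'phone_number_verified'],
};

// base64url-encode a JSON object (used only to build the constructed sample token).
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Decode the payload of a JWT without verifying it; returns null for opaque tokens
// (such as the 16-character token issued when no audience is requested).
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Report which requested scopes are standard OIDC scopes, which are not, the
// claims /userinfo may return for them, and whether the token's aud permits the call.
function explainUserinfo(token, userinfoUrl) {
  const payload = decodeJwtPayload(token);
  if (payload === null) {
    return { jwt: false, note: 'opaque token: returned claims are decided server-side' };
  }
  const scopes = (payload.scope || '').split(/\s+/).filter(Boolean);
  const standard = scopes.filter((s) => s in OIDC_SCOPE_CLAIMS);
  const unknown = scopes.filter((s) => !(s in OIDC_SCOPE_CLAIMS));
  const claims = [...new Set(standard.flatMap((s) => OIDC_SCOPE_CLAIMS[s]))];
  const aud = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  return { jwt: true, standard, unknown, claims, userinfoAllowed: aud.includes(userinfoUrl) };
}

// Constructed sample modelled on the token in the post (placeholder domain and ids).
const SAMPLE_TOKEN = [
  b64url({ alg: 'RS256', typ: 'JWT' }),
  b64url({ iss: 'https://example.auth0.com/', sub: 'auth0|placeholder',
    aud: ['https://thisIsMyTest', 'https://example.auth0.com/userinfo'],
    scope: 'openid email name picture' }),
  'placeholder-signature',
].join('.');

console.log(explainUserinfo(SAMPLE_TOKEN, 'https://example.auth0.com/userinfo'));
// unknown: ['name', 'picture']; claims: ['sub', 'email', 'email_verified']
```

Because `name` and `picture` are not standard OIDC scopes, only the `openid` and `email` claims are granted; under the stated assumption, the `profile` scope is the one that unlocks name, nickname and picture at /userinfo.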