We have tried every possible combination and resource but currently auth0 sends a 403 on every login or sign up attempt, even when trying the database connection (calling /authorize)
We are using a hosted page since a year and the problem seems to appear just recently.
I tried upgrading to lock 11, copy pasting params and default states and nothing, currently this is the code used (hiding username and password login to avoid the bug):
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Identifícate para Navegar</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
</head>
<body>
<!--[if IE 8]>
<script src="//cdnjs.cloudflare.com/ajax/libs/ie8/0.2.5/ie8.js"></script>
<![endif]-->
<!--[if lte IE 9]>
<script src="https://cdn.auth0.com/js/base64.js"></script>
<script src="https://cdn.auth0.com/js/es5-shim.min.js"></script>
<![endif]-->
<script src="https://cdn.auth0.com/js/lock/11.9.1/lock.min.js"></script>
<script>
// Decode utf8 characters properly
var config = JSON.parse(decodeURIComponent(escape(window.atob('@@config@@'))));
config.extraParams = config.extraParams || {};
var connection = config.connection;
var prompt = config.prompt;
var languageDictionary;
var language = "ES";
var params = {scope: 'openid profile'};
params.state = location.search;
if (config.dict && config.dict.signin && config.dict.signin.title) {
languageDictionary = { title: config.dict.signin.title,
signUpTerms: "He leído y acepto los <a href='https://www.eknowifi.com/privacy' target='_new'>Términos de Uso</a> del servicio."
};
} else if (typeof config.dict === 'string') {
language = config.dict;
}
var loginHint = config.extraParams.login_hint;
var lock = new Auth0Lock(config.clientID, config.auth0Domain, {
auth: {
redirectUrl: "https://app.eknowifi.com/loggedin",
responseType: 'code',
params: params,
audience : "https://ekno.auth0.com/userinfo",
},
assetsUrl: config.assetsUrl,
rememberLastLogin: !prompt,
language: language,
languageDictionary: languageDictionary,
theme: {
logo: 'https://app.eknowifi.com/images/logos/logo.png',
primaryColor: 'green',
},
mustAcceptTerms: true,
oidcConformant: false,
allowShowPassword: true,
autofocus: true,
sso: false,
allowedConnections: ['facebook','twitter'],
socialButtonStyle: 'big',
prefill: loginHint ? { email: loginHint, username: loginHint } : null,
closable: false,
// uncomment if you want small buttons for social providers
// socialButtonStyle: 'small'
});
lock.show();
</script>
</body>
</html>