Auth0 Home Blog Docs

webAuth.client.login not recommended?

auth0js
token-endpoint

#1

I was reading up on changes between Auth0.js v9 and v8, when I noticed that the documentation for webAuth.client.login has been removed (the change log on GitHub says it’s not recommended).

I’m currently using this method on an embedded login form to login using the token endpoint. Will support for this functionality be going away, and should I be looking into using other authentication methods?


#2

The method in question performed a resource owner password credentials (ROPC) grant through /oauth/token endpoint; at this time, I don’t have any indication about the removal of this grant in that endpoint so even if in the future there’s a decision to remove it it’s highly likely that the time until that hypothetical decision plus the time granted to migrate away from it would be significantly in the future. In other words, I would personally not worry about the possibility of that method going away.

Having said that, even if the method is not planned to be removed,it’s true that there are very few scenarios where you really need to resort to it and in the vast majority there are better alternatives, hence the removal from documentation of that library. If you have a web application I would consider first centralized login approach through the hosted login page and then cross-origin authentication (embedded login).


#3