Is it normal that after authentication we cannot redirect to a path that requires authentication (auth.loggedIn())?

```javascript
this.lock = new Auth0Lock(clientId, domain, {
    auth: {
        redirect: true,
        redirectUrl: 'http://localhost:3000/hello',
        responseType: 'token'
    }
});
```

This is working only if http://localhost:3000/hello does not require authentication.

João Angelo
elyrico

1 Answer

The redirect URL that you configure in Lock is the URL that will complete the login process in your application, so the expectation is that this URL allows anonymous access.

The flow is the following:

  1. User accesses your application
  2. Application detects anonymous user and requests user credentials (by showing Lock)
  3. User provides their credentials
  4. Lock requests Auth0 service to validate credentials and indicates the URL to which the Auth0 service should return the response
  5. Auth0 service processes the credentials and returns a response to the redirect URL
  6. Application - the configured redirect URL to be more specific - processes the response

In step 6, the response can either mean that the user did authenticate with success or that there was an error and authentication did not complete. This means that this URL must allow anonymous access.

João Angelo
  • So I should do another redirection depending on the Auth0 response if I want the user to be redirected to a protected route? – elyrico Nov 17 '16 at 19:23
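
Step 6 of the flow, followed by the second redirect asked about in the comment, as an added example (not code from the question, the answer or Auth0). It assumes the response arrives in the URL fragment using the standard OAuth 2.0 implicit-flow parameter names; the `/callback` and `/login` paths and all function names are hypothetical, and the sample URLs in the comments are constructed.

```javascript
// Added example: the callback route is anonymous, inspects the response,
// and only then decides whether to send the user on to a protected route.
const ORIGIN = 'http://localhost:3000'; // app origin taken from the question

// Parse the fragment delivered to the anonymous callback URL, e.g.
//   http://localhost:3000/callback#access_token=CONSTRUCTED&token_type=Bearer
//   http://localhost:3000/callback#error=unauthorized&error_description=denied
function parseAuthResponse(callbackUrl) {
  const fragment = new URL(callbackUrl).hash.replace(/^#/, '');
  const params = new URLSearchParams(fragment);
  if (params.has('error')) {
    return { ok: false, error: params.get('error'),
             description: params.get('error_description') || '' };
  }
  const token = params.get('access_token') || params.get('id_token');
  return token ? { ok: true, token }
               : { ok: false, error: 'missing_token', description: '' };
}

// The path the user originally wanted is remembered before showing Lock.
// Accept it only if it resolves to this origin, so the post-login redirect
// cannot be pointed at another site.
function safeReturnPath(candidate, fallback = '/') {
  if (typeof candidate !== 'string' || !candidate.startsWith('/')) return fallback;
  let url;
  try { url = new URL(candidate, ORIGIN); } catch { return fallback; }
  return url.origin === ORIGIN ? url.pathname + url.search : fallback;
}

// Callback handler: must run without an authenticated session, because the
// response may be a success or an error.
function handleCallback(callbackUrl, session, savedReturnPath) {
  const result = parseAuthResponse(callbackUrl);
  if (!result.ok) {
    session.token = null; // stay anonymous on failure
    return { redirectTo: '/login', error: result.error };
  }
  session.token = result.token; // a loggedIn() check would pass from here on
  return { redirectTo: safeReturnPath(savedReturnPath), error: null };
}
```

In a router with a `loggedIn()` guard, the callback route is left out of the guard and the protected route (here `/hello`) is reached only through the `redirectTo` value returned on success.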