
I'm trying to implement Auth0 with Lock (version 10.11.0) inside my Angular2 app. Auth0 works if I list every possible route in the Auth0 client's Allowed Callback URLs setting. It seems Auth0 picks up the callback URL from whatever URL the user happens to be on when they decide to log in. This is not a scalable approach. How do you solve this?

I've tried entering a redirectUrl value in auth options. This gets me a little further in that the app does redirect to the URL supplied, however, Auth0 lock's authenticated callback never fires so I cannot retrieve authenticated user's profile.

So, I'm stuck. It seems my only course of action is to list every conceivable route in Auth0's client's Allowed Callback URLs setting and pray the guys from marketing do not come up with more routes.

Here's my code:

        let options =
        {
            auth:
            {
                //redirectUrl: 'http://localhost:4200',
                //redirect: true,
                responseType: 'token',
                params:
                {
                    scope: 'openid user_id name nickname email picture'
                }
            }
        };

        this.lock = new Auth0Lock('xxx', 'yyy', options);

        this.lock.on("authenticated", (authResult) =>
        {
            console.log('@@@@  AUTH RESULTS:', authResult); 

            localStorage.setItem('id_token', authResult.idToken);

            this.lock.getProfile(authResult.idToken, (error, profile) => 
            {
                if (error) 
                {
                    return;
                }

                console.log('@@@@  AUTHENTICATED USER PROFILE:', profile);

            });
        });

Any ideas on how to make Auth0 work so you do not have to list every possible route a user can be on before deciding to authenticate?

Tom Schreck
  • Does your "login" page contain a specific endpoint, e.g. http:localhost:4200/login for example? Or are you saying users can choose Lock and log in from a number of different endpoints? Or are your URLs ending in hashes etc. - just trying to understand your situation - have written many Auth0 SPA apps using Lock without running into this problem. You are right, when using the JavaScript function callback approach, it will use the current URL (window.location) as the "redirect url". – arcseldon Feb 15 '17 at 12:49
  • I do not have a specific route for login. My 'login' link simply calls lock.show. Yes, users can choose lock.show from a number of different endpoints (routes). My URLs are not ending in hashes. How do I solve this issue? Thank you for your help. – Tom Schreck Feb 15 '17 at 13:45
  • I found [Getting “Callback URL mismatch” with Auth0](http://stackoverflow.com/a/42511380/418549) stackoverflow question which directed me to a solution. – Tom Schreck Feb 28 '17 at 14:31
  • I answered the similar question in this link [https://stackoverflow.com/questions/40824963/getting-callback-url-mismatch-with-auth0/46767040#46767040](https://stackoverflow.com/questions/40824963/getting-callback-url-mismatch-with-auth0/46767040#46767040) – oscarz Oct 16 '17 at 09:31
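
One way to keep the Allowed Callback URLs list to a single entry, shown as an added example that is not part of the original question or its comments: pin `redirectUrl` to one fixed route, remember the route the user was on before `lock.show`, and accept only a same-origin path when sending them back after login. `CALLBACK_PATH`, `RETURN_KEY` and the helper names are hypothetical; the `auth` option names are the ones in the question's own code.

```javascript
// Added example, not from the original post. CALLBACK_PATH, RETURN_KEY and the
// helper names are hypothetical; the auth.* option names are the question's own.
const CALLBACK_PATH = '/auth/callback'; // assumed single entry in Allowed Callback URLs
const RETURN_KEY = 'return_to';         // assumed storage key

// Lock options that always send the user back to one fixed URL.
function buildLockOptions(origin) {
  return {
    auth: {
      redirectUrl: origin + CALLBACK_PATH,
      redirect: true,
      responseType: 'token',
      params: { scope: 'openid user_id name nickname email picture' }
    }
  };
}

// Call just before lock.show(): remember the route the user was on.
function rememberRoute(storage, loc) {
  storage.setItem(RETURN_KEY, loc.pathname + loc.search);
}

// Accept only a same-origin path; anything else falls back to '/'.
function safeReturnPath(raw, origin) {
  if (typeof raw !== 'string' || !raw.startsWith('/')) return '/';
  if (raw.startsWith('//') || raw.includes('\\')) return '/';
  let url;
  try { url = new URL(raw, origin); } catch (e) { return '/'; }
  if (url.origin !== origin) return '/';          // parser-level check
  if (url.pathname === CALLBACK_PATH) return '/'; // avoid a redirect loop
  return url.pathname + url.search;               // hash dropped on purpose
}

// Call on the callback route after login: read, clear and validate the route.
function consumeRoute(storage, origin) {
  const raw = storage.getItem(RETURN_KEY);
  storage.removeItem(RETURN_KEY);
  return safeReturnPath(raw, origin);
}

// Constructed demo with an in-memory stand-in for sessionStorage.
const mem = new Map();
const fakeStorage = {
  setItem: (k, v) => mem.set(k, v),
  getItem: (k) => (mem.has(k) ? mem.get(k) : null),
  removeItem: (k) => mem.delete(k)
};
rememberRoute(fakeStorage, { pathname: '/products/42', search: '?tab=reviews' });
console.log(consumeRoute(fakeStorage, 'http://localhost:4200'));
```

In the browser, `sessionStorage` and `window.location` take the place of the in-memory stand-ins.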

0 Answers