Add option to filter iframe events to prevent incorrect events triggering callbacks

[aaronchilcott]

This change fixes an issue with the Iframe handler, where unrelated events were triggering callbacks, which caused undesired behaviour.

• Adds event validation to the Iframe handler, which allows for customised event filtering.
• Shifts responsibility of what to return in the callback from the Iframe handler to the silent authentication handler.
• Moves some logic out of the Iframe handler and in to the authentication handler, hopefully, more clearly defining the responsibilities of each class.

[aaronchilcott]

Here's an example of a silent authentication HTML callback file:

<!DOCTYPE html>
<html>
<head>
  <script type="text/javascript">
    var data = {
      type: 'auth0:silent-authentication',
      hash: window.location.hash
    };

    // This page is designed to be loaded in an Iframe
    var result = parent.postMessage(data, "*");
  </script>
</head>
<body></body>
</html>

[luisrudge]

hey @aaronchilcott! Thanks for the PR. We liked this approach very much. Can you fix the failing tests and add some tests to test this new logic? We want to make sure that this is not a breaking change (which using your default it isn't) and won't break current behaviour for everyone. Let me know if you need some help with that! Again, thank you very much! 🎉

[aaronchilcott]

Hi @luisrudge, thanks.
I have updated the test cases. There's an issue with one of the tests failing in the CI environment, however, it does not fail locally for me. Would you please take a look at it?

Thanks,
Aaron

[luisrudge]

@aaronchilcott thank you very much for this PR 🎉 I took the liberty of squashing the commits, so you might need to update your fork

[aaronchilcott]

@luisrudge, don't mention it. Happy to help 😊