Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix some examples and docs + using https everywhere #436

Merged
merged 3 commits into from
May 17, 2017
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,8 @@ For this request to succeed, the user must have an active SSO session at Auth0 b

> ***Important:*** this will use postMessage to communicate between the silent callback and the SPA. When false the SDK will attempt to parse the url hash should ignore the url hash and no extra behaviour is needed.

> **Also important:** If you're not using the hosted login page to do social logins, you have to use your own [social connection keys](https://manage.auth0.com/#/connections/social). If you use Auth0's dev keys, you'll always get `login_required` as an error when calling `renewAuth`.

It is strongly recommended to have a dedicated callback page for silent authentication in order to avoid loading your entire application again inside an iframe.
This callback page should only parse the URL hash and post it to the parent document so that your application can take action depending on the outcome of the silent authentication attempt.
For example:
Expand Down Expand Up @@ -213,7 +215,7 @@ For a complete reference and examples please check our [docs](https://auth0.com/

## Develop

Run `npm start` and point your browser to `http://localhost:3000/example` to run the example page.
Run `npm start` and point your browser to `https://localhost:3000/example` to run the example page.

Run `npm run test` to run the test suite.

Expand Down
2 changes: 1 addition & 1 deletion docs/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -181,7 +181,7 @@ <h3>Initialize</h3><pre class="prettyprint source lang-js"><code>var auth0 = new
<li><strong>linkUser(userId, secondaryUserToken, cb)</strong>: Link two users. https://auth0.com/docs/api/management/v2#!/Users/post_identities</li>
</ul>
<h2>Documentation</h2><p>For a complete reference and examples please check our <a href="https://auth0.com/docs/libraries/auth0js">docs</a> and our <a href="https://auth0.com/docs/libraries/auth0js/v8/migration-guide">Migration Guide</a> if you need help to migrate from v7</p>
<h2>Develop</h2><p>Run <code>npm start</code> and point your browser to <code>http://localhost:3000/example</code> to run the example page.</p>
<h2>Develop</h2><p>Run <code>npm start</code> and point your browser to <code>https://localhost:3000/example</code> to run the example page.</p>
<p>Run <code>npm run test</code> to run the test suite.</p>
<p>Run <code>npm run test:watch</code> to run the test suite while you work.</p>
<p>Run <code>npm run test:coverage</code> to run the test suite with coverage report.</p>
Expand Down
2 changes: 1 addition & 1 deletion example/callback-cross-auth.html
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
<script type="text/javascript">
var auth0 = new auth0.WebAuth({
domain: 'auth0-tests-auth0js.auth0.com',
redirectUri: 'http://localhost:3000/example',
redirectUri: 'https://localhost:3000/example',
clientID: '3GGMIEuBPZ28lb6NBDNARaEZisqFakAs',
responseType: 'token'
});
Expand Down
2 changes: 1 addition & 1 deletion example/callback.html
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<html>
<head>
<script type="text/javascript">
parent.postMessage(window.location.hash, "http://localhost:3000/");
parent.postMessage(window.location.hash, "https://localhost:3000/");
</script>
</head>
<body></body>
Expand Down
2 changes: 1 addition & 1 deletion example/callback_popup.html
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
<script type="text/javascript">
var auth0 = new auth0.WebAuth({
domain: 'auth0-tests-auth0js.auth0.com',
redirectUri: 'http://localhost:3000/example',
redirectUri: 'https://localhost:3000/example',
clientID: '3GGMIEuBPZ28lb6NBDNARaEZisqFakAs',
responseType: 'token'
});
Expand Down
20 changes: 11 additions & 9 deletions example/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ <h1>Auth0.JS playground</h1>
<div>
<h2>Login with database connection:</h2>
<input class="login-username" value="johnfoo@gmail.com" />
<input type="password" class="login-password" value="1234" />
<input class="login-password" value="1234" />
<input type="button" class="login-db" value="login" />
</div>

Expand All @@ -128,15 +128,15 @@ <h2>Login with passwordless connection:</h2>
<div>
<h2>Login with database connection (popup):</h2>
<input class="popup-login-username" value="johnfoo@gmail.com" />
<input type="password" class="popup-login-password" value="1234" />
<input class="popup-login-password" value="1234" />
<input type="button" class="popup-login-db-preload" value="preload" />
<input type="button" class="popup-login-db" value="login" />
</div>

<div>
<h2>Login with database connection (client login):</h2>
<input class="client-login-username" value="johnfoo@gmail.com" />
<input type="password" class="client-login-password" value="1234" />
<input class="client-login-password" value="1234" />
<input type="button" class="client-login-db" value="login" />
</div>

Expand All @@ -163,6 +163,8 @@ <h2>Renew authentication:</h2>

<div>
<h2>Login with new Login Ticket flow:</h2>
<input class="login-ticket-username" value="johnfoo@gmail.com" />
<input class="login-ticket-password" value="1234" />
<input type="button" class="login-ticket" value="Login" />
</div>

Expand All @@ -185,10 +187,9 @@ <h2>Console:</h2>
});

var webAuth = new auth0.WebAuth({
domain: 'luisrudge-auth0-au.au.auth0.com',
domain: 'brucke.auth0.com',
redirectUri: 'https://localhost:3000/example',
clientID: '9ZEQtEBDEXOozlZ62q17lDFfPae6n30F', //localhost
//clientID: 'gPjLXENRzOnYVA0aPgwQ3jPt0cWGYs7j', //https://test-cross-auth.now.sh/
clientID: 'k5u3o2fiAA8XweXEEX604KCwCjzjtMU6',
responseType: 'token',
plugins: [
new CordovaAuth0Plugin()
Expand Down Expand Up @@ -353,9 +354,10 @@ <h2>Console:</h2>
$('.login-ticket').click(function (e) {
e.preventDefault();
webAuth.login({
username: 'test@example.com',
password: 'test',
redirectURI: 'https://localhost:3000/example/'
username: $('.login-ticket-username').val(),
password: $('.login-ticket-password').val(),
redirectURI: 'https://localhost:3000/example/',
realm: 'acme'
}, htmlConsole.dumpCallback.bind(htmlConsole));
});
$(document.body).append($('<div class="loaded">LOADED</div>'));
Expand Down
2 changes: 1 addition & 1 deletion gulpfile.js
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,6 @@ gulp.task('dev', function () {
if (err) {
throw new gutil.PluginError('webpack-dev-server', err);
}
gutil.log('[webpack-dev-server]', 'http://localhost:3000/example/index.html');
gutil.log('[webpack-dev-server]', 'https://localhost:3000/example/index.html');
});
});
1 change: 1 addition & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
"ci:test": "istanbul cover _mocha --report lcovonly -R test/**/* -- -R mocha-multi --reporter-options spec=-,mocha-junit-reporter=-",
"ci:coverage": "codecov",
"lint": "eslint ./src",
"lint:fix": "eslint --fix ./src",
"publish:cdn": "ccu",
"release": "scripts/release.sh",
"jsdocs": "jsdoc --configure .jsdoc.json --verbose"
Expand Down
13 changes: 7 additions & 6 deletions src/web-auth/cross-origin-authentication.js
Original file line number Diff line number Diff line change
Expand Up @@ -28,15 +28,16 @@ function createKey(origin, coId) {
}

/**
* Logs in the user with username and password using the cross origin authentication flow. You can use `username` or `email` as the actual username.
* Logs in the user with username and password using the cross origin authentication (/co/authenticate) flow. You can use either `username` or `email` to identify the user, but `username` will take precedence over `email`.
* This only works when 3rd party cookies are enabled in the browser. After the /co/authenticate call, you'll have to use the {@link parseHash} function at the `redirectUri` specified in the constructor.
*
* @method login
* @param {Object} options options used in the {@link authorize} call after the login_ticket is acquired
* @param {String} options.username username
* @param {String} options.email email
* @param {String} options.password user password
* @param {String} options.realm realm
* @param {Function} cb callback function called only when an authorization error occurs. Has the error as the only parameter.
* @param {String} [options.username] Username (mutually exclusive with email)
* @param {String} [options.email] Email (mutually exclusive with username)
* @param {String} options.password Password
* @param {String} [options.realm] Realm used to authenticate the user, it can be a realm name or a database connection name
* @param {crossOriginLoginCallback} cb Callback function called only when an authentication error, like invalid username or password, occurs. For other types of errors, there will be a redirect to the `redirectUri`.
*/
CrossOriginAuthentication.prototype.login = function (options, cb) {
var _this = this;
Expand Down
22 changes: 15 additions & 7 deletions src/web-auth/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -207,6 +207,7 @@ WebAuth.prototype.validateToken = function (token, nonce, cb) {
/**
* Executes a silent authentication transaction under the hood in order to fetch a new tokens for the current session.
* This method requires that all Auth is performed with {@link authorize}
* Watch out! If you're not using the hosted login page to do social logins, you have to use your own [social connection keys](https://manage.auth0.com/#/connections/social). If you use Auth0's dev keys, you'll always get `login_required` as an error when calling this method.
*
* @method renewAuth
* @param {Object} options
Expand Down Expand Up @@ -313,7 +314,8 @@ WebAuth.prototype.signup = function (options, cb) {
};

/**
* Redirects to the hosted login page (`/authorize`) in order to start a new authN/authZ transaction
* Redirects to the hosted login page (`/authorize`) in order to start a new authN/authZ transaction.
* After that, you'll have to use the {@link parseHash} function at the specified `redirectUri`.
*
* @method authorize
* @param {Object} options
Expand Down Expand Up @@ -381,15 +383,21 @@ WebAuth.prototype.signupAndAuthorize = function (options, cb) {
};

/**
* Logs in the user with username and password using the cross origin authentication flow. You can use `username` or `email` as the actual username.
* @callback crossOriginLoginCallback
* @param {Error} [err] Authentication error returned by Auth0 with the reason why the request failed
*/

/**
* Logs in the user with username and password using the cross origin authentication (/co/authenticate) flow. You can use either `username` or `email` to identify the user, but `username` will take precedence over `email`.
* This only works when 3rd party cookies are enabled in the browser. After the /co/authenticate call, you'll have to use the {@link parseHash} function at the `redirectUri` specified in the constructor.
*
* @method login
* @param {Object} options options used in the {@link authorize} call after the login_ticket is acquired
* @param {String} options.username username
* @param {String} options.email email
* @param {String} options.password user password
* @param {String} options.realm realm
* @param {Function} cb callback function called only when an authorization error occurs. Has the error as the only parameter.
* @param {String} [options.username] Username (mutually exclusive with email)
* @param {String} [options.email] Email (mutually exclusive with username)
* @param {String} options.password Password
* @param {String} [options.realm] Realm used to authenticate the user, it can be a realm name or a database connection name
* @param {crossOriginLoginCallback} cb Callback function called only when an authentication error, like invalid username or password, occurs. For other types of errors, there will be a redirect to the `redirectUri`.
*/
WebAuth.prototype.login = function (options, cb) {
this.crossOriginAuthentication.login(options, cb);
Expand Down
8 changes: 4 additions & 4 deletions test/web-auth/redirect.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ describe('auth0.WebAuth.redirect', function () {
client_id: '0HP71GSd6PuoRY',
connection: 'tests',
password: '1234',
redirect_uri: 'http://localhost:3000/example/',
redirect_uri: 'https://localhost:3000/example/',
response_type: 'id_token',
scope: 'openid',
tenant: 'me',
Expand Down Expand Up @@ -129,7 +129,7 @@ describe('auth0.WebAuth.redirect', function () {

var configuration = {
domain: 'me.auth0.com',
redirectUri: 'http://localhost:3000/example/',
redirectUri: 'https://localhost:3000/example/',
clientID: '0HP71GSd6PuoRY',
responseType: 'id_token'
};
Expand Down Expand Up @@ -170,7 +170,7 @@ describe('auth0.WebAuth.redirect', function () {
client_id: '0HP71GSd6PuoRY',
connection: 'tests',
password: '1234',
redirect_uri: 'http://localhost:3000/example/',
redirect_uri: 'https://localhost:3000/example/',
response_type: 'token',
scope: 'openid',
tenant: 'me',
Expand All @@ -192,7 +192,7 @@ describe('auth0.WebAuth.redirect', function () {

var configuration = {
domain: 'me.auth0.com',
redirectUri: 'http://localhost:3000/example/',
redirectUri: 'https://localhost:3000/example/',
clientID: '0HP71GSd6PuoRY',
responseType: 'token'
};
Expand Down
2 changes: 1 addition & 1 deletion webpack.config.js
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ module.exports = {
filename: '[name].js',
library: '[name]',
libraryTarget: 'umd',
publicPath: 'http://localhost:3000/'
publicPath: 'https://localhost:3000/'
},
resolve: {
extensions: ['', '.webpack.js', '.web.js', '.js']
Expand Down