Migrate to auth0.js v8

bower.json

@@ -1,6 +1,6 @@
 {
   "name": "auth0-lock",
-  "version": "10.8.1",
+  "version": "10.8.0-beta.5",
   "main": "build/lock.js",
   "ignore": [
     "lib-cov",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "auth0-lock",
-  "version": "10.8.1",
+  "version": "10.8.0-beta.5",
   "description": "Auth0 Lock",
   "author": "Auth0 <support@auth0.com> (http://auth0.com)",
   "license": "MIT",
@@ -79,7 +79,7 @@
     "zuul-ngrok": "gnandretta/zuul-ngrok#upgrade-ngrok"
   },
   "dependencies": {
-    "auth0-js": "7.6.1",
+    "auth0-js": "8.0.1",
     "blueimp-md5": "2.3.1",
     "fbjs": "^0.3.1",
     "immutable": "^3.7.3",
@@ -96,6 +96,8 @@
     "cdn": "https://cdn.auth0.com",
     "mainBundleFile": "lock.min.js",
     "bucket": "assets.us.auth0.com",
-    "localPath": "build"
+    "localPath": "build",
+    "majorAndMinor": false,
+    "snapshot": false
   }
 }

scripts/ci.sh

@@ -3,7 +3,7 @@
 npm install
 
 MATCHER=${2:-"*"}
-NPM_TAG=${3:-"latest"}
+NPM_TAG=${3:-"beta"}
 
 NPM_NAME=$(node scripts/utils/attribute.js name)
 VERSION=$(node scripts/utils/attribute.js version)
@@ -37,7 +37,7 @@ success()
 
 cdn_release()
 {
-  npm run publish:cdn
+  npm run publish:cdn -- --full-version-only
   new_line
   success "$NPM_NAME ($1) uploaded to cdn"
 }
@@ -99,7 +99,7 @@ npm run dist build
 
 # Release
 git checkout -b dist
-bower_release
+#bower_release
 new_line
 npm_release "$VERSION"
 new_line

src/connection/database/actions.js

@@ -79,13 +79,13 @@ export function signUp(id) {
       if (error) {
         setTimeout(() => signUpError(id, error), 250);
       } else {
-        signUpSuccess(id);
+        signUpSuccess(id, ...args);
       }
     });
   });
 }
 
-function signUpSuccess(id) {
+function signUpSuccess(id, result, popupHandler) {
   const lock = read(getEntity, "lock", id);
 
   if (shouldAutoLogin(lock)) {
@@ -98,6 +98,10 @@ function signUpSuccess(id) {
       password: c.password(lock)
     };
 
+    if (!!popupHandler) {
+      options.popupHandler = popupHandler;
+    }
+
     return webApi.logIn(
       id,
       options,
@@ -116,10 +120,10 @@ function signUpSuccess(id) {
 
   if (!autoclose) {
     swap(updateEntity, "lock", id, lock => l.setSubmitting(lock, false).set("signedUp", true));
+
   } else {
     closeLock(id, false);
   }
-
 }
 
 function signUpError(id, error) {
@@ -132,7 +136,7 @@ function signUpError(id, error) {
   };
 
   const errorKey = (error.code === "invalid_password"
-    && invalidPasswordKeys[error.details.name])
+    && invalidPasswordKeys[error.description])
     || error.code;
 
   const errorMessage = i18n.str(m, ["error", "signUp", errorKey])

src/core/actions.js

@@ -30,40 +30,34 @@ export function handleAuthCallback() {
   const hash = global.location.hash;
 
   const ms = read(getCollection, "lock");
-  const parsed = ms.filter(m => l.auth.redirect(m) && parseHash(m, hash));
   const keepHash = ms.filter(m => !l.hashCleanup(m)).size > 0;
 
-  if (parsed.size > 0 && !keepHash) {
-    global.location.hash = "";
-  }
+  ms.forEach(m => {
+    l.auth.redirect(m) && parseHash(m, hash, (result) => {
+        if (result && !keepHash) {
+          global.location.hash = "";
+        }
+      })
+    });
 }
 
-function parseHash(m, hash) {
-  const parsedHash = webApi.parseHash(l.id(m), hash);
-  l.emitHashParsedEvent(m, parsedHash);
-
-  let error, result;
-
-  if (parsedHash) {
-    if (parsedHash.error) {
-      error = parsedHash;
-    } else if (!parsedHash.hasOwnProperty("error")) {
-      // NOTE: if the url hash contains the string "error"
-      // `parsedHash` will be the following object:
-      // {error: undefined, error_description: undefined}
-      // That is why we make the additional check for the error
-      // property to ensure we actually have a result.
-      result = parsedHash;
+function parseHash(m, hash, cb) {
+  webApi.parseHash(l.id(m), hash, function(error, parsedHash) {
+
+    if (error) {
+      l.emitHashParsedEvent(m, error);
+    } else {
+      l.emitHashParsedEvent(m, parsedHash);
     }
 
     if (error) {
       l.emitAuthorizationErrorEvent(m, error);
-    } else if (result) {
-      l.emitAuthenticatedEvent(m, result);
+    } else if (parsedHash) {
+      l.emitAuthenticatedEvent(m, parsedHash);
     }
-  }
 
-  return !!(error || result);
+    cb(!!(error || parsedHash))
+  });
 }
 
 export function openLock(id, opts) {

src/core/index.js

@@ -34,6 +34,7 @@ export function setup(id, clientID, domain, options, hookRunner, emitEventFn) {
     emitEventFn: emitEventFn,
     hookRunner: hookRunner,
     useTenantInfo: options.__useTenantInfo || false,
+    oidcConformant: options.oidcConformant || false,
     hashCleanup: options.hashCleanup === false ? false : true,
     allowedConnections: Immutable.fromJS(options.allowedConnections || []),
     ui: extractUIOptions(id, options),
@@ -69,6 +70,10 @@ export function useTenantInfo(m) {
   return get(m, "useTenantInfo");
 }
 
+export function oidcConformant(m) {
+  return get(m, "oidcConformant");
+}
+
 export function languageBaseUrl(m) {
   return get(m, "languageBaseUrl");
 }
@@ -201,20 +206,26 @@ export const auth = {
 
 function extractAuthOptions(options) {
   let {
+    audience,
     connectionScopes,
     params,
     redirect,
     redirectUrl,
     responseMode,
     responseType,
-    sso
+    sso,
+    state,
+    nonce
   } = options.auth || {};
 
+  audience = typeof audience === "string" ? audience : undefined;
   connectionScopes = typeof connectionScopes === "object" ? connectionScopes : {};
   params = typeof params === "object" ? params : {};
-  redirectUrl = typeof redirectUrl === "string" && redirectUrl ? redirectUrl : undefined;
+  redirectUrl = typeof redirectUrl === "string" && redirectUrl ? redirectUrl : window.location.href;
   redirect = typeof redirect === "boolean" ? redirect : true;
   responseMode = typeof responseMode === "string" ? responseMode : undefined;
+  state = typeof state === "string" ? state : undefined;
+  nonce = typeof nonce === "string" ? nonce : undefined;
   responseType = typeof responseType === "string" ? responseType : redirectUrl ? "code" : "token";
 
   sso = typeof sso === "boolean" ? sso : true;
@@ -224,13 +235,16 @@ function extractAuthOptions(options) {
   }
 
   return Immutable.fromJS({
+    audience,
     connectionScopes,
     params,
     redirect,
     redirectUrl,
     responseMode,
     responseType,
-    sso
+    sso,
+    state,
+    nonce
   });
 }
 

src/core/remote_data.js

@@ -20,23 +20,25 @@ export function syncRemoteData(m) {
     });
   }
 
-  m = sync(m, "sso", {
-    conditionFn: l.auth.sso,
-    waitFn: m => isSuccess(m, "client"),
-    syncFn: (m, cb) => fetchSSOData(l.id(m), isADEnabled(m), cb),
-    successFn: (m, result) => m.mergeIn(["sso"], Immutable.fromJS(result)),
-    errorFn: (m, error) => {
-      // location.origin is not supported in all browsers
-      let origin = location.protocol + "//" + location.hostname;
-      if (location.port) {
-        origin += ":" + location.port;
-      }
+  if (!l.oidcConformant(m)) {
+    m = sync(m, "sso", {
+      conditionFn: l.auth.sso,
+      waitFn: m => isSuccess(m, "client"),
+      syncFn: (m, cb) => fetchSSOData(l.id(m), isADEnabled(m), cb),
+      successFn: (m, result) => m.mergeIn(["sso"], Immutable.fromJS(result)),
+      errorFn: (m, error) => {
+        // location.origin is not supported in all browsers
+        let origin = location.protocol + "//" + location.hostname;
+        if (location.port) {
+          origin += ":" + location.port;
+        }
 
-      const appSettingsUrl = `https://manage.auth0.com/#/applications/${l.clientID(m)}/settings`;
+        const appSettingsUrl = `https://manage.auth0.com/#/applications/${l.clientID(m)}/settings`;
 
-      l.warn(m, `There was an error fetching the SSO data. This could simply mean that there was a problem with the network. But, if a "Origin" error has been logged before this warning, please add "${origin}" to the "Allowed Origins (CORS)" list in the Auth0 dashboard: ${appSettingsUrl}`);
-    }
-  });
+        l.warn(m, `There was an error fetching the SSO data. This could simply mean that there was a problem with the network. But, if a "Origin" error has been logged before this warning, please add "${origin}" to the "Allowed Origins (CORS)" list in the Auth0 dashboard: ${appSettingsUrl}`);
+      }
+    });
+  }
 
   return m;
 }