Merge pull request #420 from auth0/fix/postMessage-handler

Fix postMessage handler to handle parsed objects as well

example/callback.html

@@ -1,17 +1,8 @@
 <!DOCTYPE html>
 <html>
   <head>
-    <script src="/auth0.js"></script>
     <script type="text/javascript">
-      var auth0 = new auth0.WebAuth({
-        domain: 'auth0-tests-auth0js.auth0.com',
-        redirectUri: 'http://localhost:3000/example',
-        clientID: '3GGMIEuBPZ28lb6NBDNARaEZisqFakAs',
-        responseType: 'token'
-      });
-      var result = auth0.parseHash(window.location.hash, function(err, data) {
-        parent.postMessage(err || data, "http://localhost:3000/");
-      });
+      parent.postMessage(window.location.hash, "http://localhost:3000/");
     </script>
   </head>
   <body></body>

src/helper/iframe-handler.js

@@ -52,7 +52,7 @@ IframeHandler.prototype.messageEventListener = function (e) {
 
 IframeHandler.prototype.loadEventListener = function () {
   var _this = this;
-  _this.callback(this.iframe.contentWindow.location.hash);
+  _this.callback(null, this.iframe.contentWindow.location.hash);
 };
 
 IframeHandler.prototype.callbackHandler = function (result) {

src/web-auth/index.js

@@ -251,7 +251,12 @@ WebAuth.prototype.renewAuth = function (options, cb) {
 
   handler = new SilentAuthenticationHandler(this, this.client.buildAuthorizeUrl(params));
 
-  handler.login(usePostMessage, function (hash) {
+  handler.login(usePostMessage, function (err, hash) {
+    if (typeof hash === 'object') {
+      // hash was already parsed, so we just return it
+      // it's here to be backwards compatible and should be removed in the next major version
+      return cb(err, hash);
+    }
     var transaction = _this.transactionManager.getStoredTransaction(params.state);
     var transactionNonce = options.nonce || (transaction && transaction.nonce) || null;
     var transactionState = options.state || (transaction && transaction.state) || null;

src/web-auth/silent-authentication-handler.js

@@ -14,7 +14,7 @@ SilentAuthenticationHandler.prototype.login = function (usePostMessage, callback
     callback: callback,
     timeout: this.timeout,
     timeoutCallback: function () {
-      callback('#error=timeout&error_description=Timeout+during+authentication+renew.');
+      callback(null, '#error=timeout&error_description=Timeout+during+authentication+renew.');
     },
     usePostMessage: usePostMessage || false
   });

test/helper/iframe-handler.test.js

@@ -126,7 +126,7 @@ describe('helpers iframeHandler', function () {
       var iframeHandler = new IframeHandler({
         auth0: this.auth0,
         url: 'http://example.com',
-        callback: function (data) {
+        callback: function (err, data) {
           expect(iframe.style).to.eql({ display: 'none' });
           expect(iframe.src).to.be('http://example.com');
 

test/web-auth/web-auth.test.js

@@ -37,7 +37,7 @@ describe('auth0.WebAuth', function () {
 
     it('should fail if the nonce is not valid', function (done) {
       stub(SilentAuthenticationHandler.prototype, 'login', function(usePostMessage, cb) {
-        cb('#state=456&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlF6RTROMFpCTTBWRFF6RTJSVVUwTnpJMVF6WTFNelE0UVRrMU16QXdNRUk0UkRneE56RTRSZyJ9.eyJpc3MiOiJodHRwczovL3dwdGVzdC5hdXRoMC5jb20vIiwic3ViIjoiYXV0aDB8NTVkNDhjNTdkNWIwYWQwMjIzYzQwOGQ3IiwiYXVkIjoiZ1lTTmxVNFlDNFYxWVBkcXE4elBRY3VwNnJKdzFNYnQiLCJleHAiOjE0ODI5NjkwMzEsImlhdCI6MTQ4MjkzMzAzMSwibm9uY2UiOiJhc2ZkIn0.PPoh-pITcZ8qbF5l5rMZwXiwk5efbESuqZ0IfMUcamB6jdgLwTxq-HpOT_x5q6-sO1PBHchpSo1WHeDYMlRrOFd9bh741sUuBuXdPQZ3Zb0i2sNOAC2RFB1E11mZn7uNvVPGdPTg-Y5xppz30GSXoOJLbeBszfrVDCmPhpHKGGMPL1N6HV-3EEF77L34YNAi2JQ-b70nFK_dnYmmv0cYTGUxtGTHkl64UEDLi3u7bV-kbGky3iOOCzXKzDDY6BBKpCRTc2KlbrkO2A2PuDn27WVv1QCNEFHvJN7HxiDDzXOsaUmjrQ3sfrHhzD7S9BcCRkekRfD9g95SKD5J0Fj8NA');
+        cb(null, '#state=456&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlF6RTROMFpCTTBWRFF6RTJSVVUwTnpJMVF6WTFNelE0UVRrMU16QXdNRUk0UkRneE56RTRSZyJ9.eyJpc3MiOiJodHRwczovL3dwdGVzdC5hdXRoMC5jb20vIiwic3ViIjoiYXV0aDB8NTVkNDhjNTdkNWIwYWQwMjIzYzQwOGQ3IiwiYXVkIjoiZ1lTTmxVNFlDNFYxWVBkcXE4elBRY3VwNnJKdzFNYnQiLCJleHAiOjE0ODI5NjkwMzEsImlhdCI6MTQ4MjkzMzAzMSwibm9uY2UiOiJhc2ZkIn0.PPoh-pITcZ8qbF5l5rMZwXiwk5efbESuqZ0IfMUcamB6jdgLwTxq-HpOT_x5q6-sO1PBHchpSo1WHeDYMlRrOFd9bh741sUuBuXdPQZ3Zb0i2sNOAC2RFB1E11mZn7uNvVPGdPTg-Y5xppz30GSXoOJLbeBszfrVDCmPhpHKGGMPL1N6HV-3EEF77L34YNAi2JQ-b70nFK_dnYmmv0cYTGUxtGTHkl64UEDLi3u7bV-kbGky3iOOCzXKzDDY6BBKpCRTc2KlbrkO2A2PuDn27WVv1QCNEFHvJN7HxiDDzXOsaUmjrQ3sfrHhzD7S9BcCRkekRfD9g95SKD5J0Fj8NA');
       });
 
       var webAuth = new WebAuth({
@@ -382,7 +382,7 @@ describe('auth0.WebAuth', function () {
 
     it('should validate the token', function (done) {
       stub(SilentAuthenticationHandler.prototype, 'login', function(usePostMessage, cb) {
-        cb('#id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlF6RTROMFpCTTBWRFF6RTJSVVUwTnpJMVF6WTFNelE0UVRrMU16QXdNRUk0UkRneE56RTRSZyJ9.eyJpc3MiOiJodHRwczovL3dwdGVzdC5hdXRoMC5jb20vIiwic3ViIjoiYXV0aDB8NTVkNDhjNTdkNWIwYWQwMjIzYzQwOGQ3IiwiYXVkIjoiZ1lTTmxVNFlDNFYxWVBkcXE4elBRY3VwNnJKdzFNYnQiLCJleHAiOjE0ODI5NjkwMzEsImlhdCI6MTQ4MjkzMzAzMSwibm9uY2UiOiJhc2ZkIn0.PPoh-pITcZ8qbF5l5rMZwXiwk5efbESuqZ0IfMUcamB6jdgLwTxq-HpOT_x5q6-sO1PBHchpSo1WHeDYMlRrOFd9bh741sUuBuXdPQZ3Zb0i2sNOAC2RFB1E11mZn7uNvVPGdPTg-Y5xppz30GSXoOJLbeBszfrVDCmPhpHKGGMPL1N6HV-3EEF77L34YNAi2JQ-b70nFK_dnYmmv0cYTGUxtGTHkl64UEDLi3u7bV-kbGky3iOOCzXKzDDY6BBKpCRTc2KlbrkO2A2PuDn27WVv1QCNEFHvJN7HxiDDzXOsaUmjrQ3sfrHhzD7S9BcCRkekRfD9g95SKD5J0Fj8NA');
+        cb(null, '#id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlF6RTROMFpCTTBWRFF6RTJSVVUwTnpJMVF6WTFNelE0UVRrMU16QXdNRUk0UkRneE56RTRSZyJ9.eyJpc3MiOiJodHRwczovL3dwdGVzdC5hdXRoMC5jb20vIiwic3ViIjoiYXV0aDB8NTVkNDhjNTdkNWIwYWQwMjIzYzQwOGQ3IiwiYXVkIjoiZ1lTTmxVNFlDNFYxWVBkcXE4elBRY3VwNnJKdzFNYnQiLCJleHAiOjE0ODI5NjkwMzEsImlhdCI6MTQ4MjkzMzAzMSwibm9uY2UiOiJhc2ZkIn0.PPoh-pITcZ8qbF5l5rMZwXiwk5efbESuqZ0IfMUcamB6jdgLwTxq-HpOT_x5q6-sO1PBHchpSo1WHeDYMlRrOFd9bh741sUuBuXdPQZ3Zb0i2sNOAC2RFB1E11mZn7uNvVPGdPTg-Y5xppz30GSXoOJLbeBszfrVDCmPhpHKGGMPL1N6HV-3EEF77L34YNAi2JQ-b70nFK_dnYmmv0cYTGUxtGTHkl64UEDLi3u7bV-kbGky3iOOCzXKzDDY6BBKpCRTc2KlbrkO2A2PuDn27WVv1QCNEFHvJN7HxiDDzXOsaUmjrQ3sfrHhzD7S9BcCRkekRfD9g95SKD5J0Fj8NA');
       });
 
       var webAuth = new WebAuth({
@@ -425,43 +425,69 @@ describe('auth0.WebAuth', function () {
         done();
       });
     });
+    describe('should return the access_token', function () {
+      it('when login returns an object', function (done) {
+        stub(SilentAuthenticationHandler.prototype, 'login', function(usePostMessage, cb) {
+          cb(null, { accessToken: '123' });
+        });
 
-    it('should return the access_token', function (done) {
-      stub(SilentAuthenticationHandler.prototype, 'login', function(usePostMessage, cb) {
-        cb('#access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1');
-      });
+        var webAuth = new WebAuth({
+          domain: 'mdocs.auth0.com',
+          redirectUri: 'http://page.com/callback',
+          clientID: '0HP71GSd6PuoRYJ3DXKdiXCUUdGmBbup',
+          responseType: 'token',
+          scope: 'openid name read:blog',
+          audience: 'urn:site:demo:blog',
+          _sendTelemetry: false
+        });
 
-      var webAuth = new WebAuth({
-        domain: 'mdocs.auth0.com',
-        redirectUri: 'http://page.com/callback',
-        clientID: '0HP71GSd6PuoRYJ3DXKdiXCUUdGmBbup',
-        responseType: 'token',
-        scope: 'openid name read:blog',
-        audience: 'urn:site:demo:blog',
-        _sendTelemetry: false
+        var options = {};
+
+        webAuth.renewAuth(options, function (err, data) {
+          expect(err).to.be(null);
+          expect(data).to.eql({
+            accessToken: '123'
+          });
+          done();
+        });
       });
+      it('when login returns a string', function (done) {
+        stub(SilentAuthenticationHandler.prototype, 'login', function(usePostMessage, cb) {
+          cb(null, '#access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1');
+        });
 
-      var options = {};
+        var webAuth = new WebAuth({
+          domain: 'mdocs.auth0.com',
+          redirectUri: 'http://page.com/callback',
+          clientID: '0HP71GSd6PuoRYJ3DXKdiXCUUdGmBbup',
+          responseType: 'token',
+          scope: 'openid name read:blog',
+          audience: 'urn:site:demo:blog',
+          _sendTelemetry: false
+        });
 
-      webAuth.renewAuth(options, function (err, data) {
-        expect(err).to.be(null);
-        expect(data).to.eql({
-          accessToken: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1',
-          idToken: null,
-          idTokenPayload: null,
-          appStatus: null,
-          refreshToken: null,
-          state: null,
-          expiresIn: null,
-          tokenType: null
+        var options = {};
+
+        webAuth.renewAuth(options, function (err, data) {
+          expect(err).to.be(null);
+          expect(data).to.eql({
+            accessToken: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1',
+            idToken: null,
+            idTokenPayload: null,
+            appStatus: null,
+            refreshToken: null,
+            state: null,
+            expiresIn: null,
+            tokenType: null
+          });
+          done();
         });
-        done();
       });
     });
 
     it('should validate the token and fail', function (done) {
       stub(SilentAuthenticationHandler.prototype, 'login', function(usePostMessage, cb) {
-        cb('#id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL21kb2NzLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw0QVpERjU2Nzg5IiwiYXVkIjpbIjBIUDcxR1NkNlB1b1JZSjNEWEtkaVhDVVVkR21CYnVwIl0sImV4cCI6MTQ3ODU2MjI1MywiaWF0IjoxNDc4NTI2MjUzfQ.3x97RcBqXq9UE3isgbPdVlC0XdU7kQrPhaOFR-Fb4TA');
+        cb(null, '#id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL21kb2NzLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw0QVpERjU2Nzg5IiwiYXVkIjpbIjBIUDcxR1NkNlB1b1JZSjNEWEtkaVhDVVVkR21CYnVwIl0sImV4cCI6MTQ3ODU2MjI1MywiaWF0IjoxNDc4NTI2MjUzfQ.3x97RcBqXq9UE3isgbPdVlC0XdU7kQrPhaOFR-Fb4TA');
       });
 
       var webAuth = new WebAuth({