-
Notifications
You must be signed in to change notification settings - Fork 493
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add transaction manager to passwordlessLogin and login #731
Conversation
Any updates as to when this might be released? |
We still have a few outstanding issues we want in the next release. It's either tomorrow or next week. |
@@ -651,18 +666,33 @@ WebAuth.prototype.login = function(options, cb) { | |||
* @param {crossOriginLoginCallback} cb Callback function called only when an authentication error, like invalid username or password, occurs. For other types of errors, there will be a redirect to the `redirectUri`. | |||
*/ | |||
WebAuth.prototype.passwordlessLogin = function(options, cb) { | |||
var params = objectHelper |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are doing the exact same thing on the WebAuth.prototype.login
method. Maintaining this would be a PITA. Why not moving this to a helper method?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We use that a bunch of different places, so I feel this should be tackled in a bigger refactor on how we handle transactions. Tracking: #740
@@ -1782,7 +1782,11 @@ describe('auth0.WebAuth', function() { | |||
credentialType: 'http://auth0.com/oauth/grant-type/passwordless/otp', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can't seem to find this http://auth0.com/oauth/grant-type/passwordless/otp
value anywhere in docs. Can you please point me to a doc where this is mentioned?
@@ -1806,7 +1810,11 @@ describe('auth0.WebAuth', function() { | |||
credentialType: 'http://auth0.com/oauth/grant-type/passwordless/otp', | |||
realm: 'email', | |||
username: 'the@email.com', | |||
otp: '123456' | |||
otp: '123456', | |||
clientID: '...', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reading the PR description, what was missing originally was the state/nonce generated values.
- Why are
clientID, responseType, redirectUri
passed now then? If they are NOT required I see no point on passing them down. - Like I mentioned, the PR talks about state and nonce, but tests only check that
state
is being set. You might want to expect anonce=randomNonce
somewhere too, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We allow people to override most of the options in all most of the methods, that's why I added all the options that you can pass to authorize
, except responseMode.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Alright with (1). Solve (2) and I'll approve.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
@@ -1806,7 +1810,11 @@ describe('auth0.WebAuth', function() { | |||
credentialType: 'http://auth0.com/oauth/grant-type/passwordless/otp', | |||
realm: 'email', | |||
username: 'the@email.com', | |||
otp: '123456' | |||
otp: '123456', | |||
clientID: '...', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
@@ -1806,7 +1810,11 @@ describe('auth0.WebAuth', function() { | |||
credentialType: 'http://auth0.com/oauth/grant-type/passwordless/otp', | |||
realm: 'email', | |||
username: 'the@email.com', | |||
otp: '123456' | |||
otp: '123456', | |||
clientID: '...', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
test/web-auth/web-auth.test.js
Outdated
@@ -1754,7 +1754,8 @@ describe('auth0.WebAuth', function() { | |||
clientID: '...', | |||
redirectUri: 'http://page.com/callback', | |||
responseType: 'code', | |||
_sendTelemetry: false | |||
_sendTelemetry: false, | |||
nonce: 'the-nonce' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You shouldn't be setting the nonce value yourself. The PR description clearly states that what was broken is "state/nonce were not being auto generated". Please DO check that the nonce is present but don't manually set it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this line is already doing some of that
auth0.js/test/web-auth/web-auth.test.js
Line 27 in f6e2227
return { state: state || 'randomState', nonce: nonce || 'randomNonce' }; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you're right. I switched to id_token since it's the only case where it generates the nonce.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
This fixes an issue that state/nonce were not being auto generated in popup mode.
fix #730