I have an old-school angularJs app that has two pages. On both of the pages I include the auth0 lock script.
<script src="https://cdn.auth0.com/js/lock/11.9.0/lock.min.js"></script>
Of those two pages, one has the following js that specifies an auth0 lock to allow users to login:
new Auth0LockPasswordless(configuration.id,configuration.domain,
{
allowedConnections: ['email'],
passwordlessMethod: "link",
auth: {
redirectUrl: configuration.redirectUrl,
responseType: 'token id_token',
params: {
scope: 'openid profile email offline_access'
}
}
}).show();
and the other page is responsible for the call-back after they've clicked the link in their email.
var lock = new Auth0LockPasswordless(configuration.id, configuration.domain);
lock.on('authorization_error',
function(authResult) {
console.log("DEBUG::AUTHRESULT::", authResult);
});
lock.on('authenticated',
function(authResult) {
console.log("DEBUG::AUTHRESULT::", authResult);
});
Now I've set offline_access
in the scope of the request, and on my local environment been prompted for additional permissions when authenticating (so it's making it through). However when I check the log from the lock.on('authenticated', function(authResult)..
refreshToken is always null.
There's some conflicting documentation around the web, with both suggestions that lock will and wont return a refresh token. Is anyone able to confirm if this code should result in a valid refreshToken?
from How do I get a refresh token from auth0 passwordless using lock v11?
No comments:
Post a Comment