Tuesday, 30 October 2018

How do I get a refresh token from auth0 passwordless using lock v11?

I have an old-school angularJs app that has two pages. On both of the pages I include the auth0 lock script.

<script src="https://cdn.auth0.com/js/lock/11.9.0/lock.min.js"></script>

Of those two pages, one has the following js that specifies an auth0 lock to allow users to login:

new Auth0LockPasswordless(configuration.id,configuration.domain,
{
    allowedConnections: ['email'],
    passwordlessMethod: "link",
    auth: {
        redirectUrl: configuration.redirectUrl,
        responseType: 'token id_token',
        params: {
            scope: 'openid profile email offline_access'
        }
    }
}).show();

and the other page is responsible for the call-back after they've clicked the link in their email.

var lock = new Auth0LockPasswordless(configuration.id, configuration.domain);

lock.on('authorization_error',
    function(authResult) {
        console.log("DEBUG::AUTHRESULT::", authResult);
});

lock.on('authenticated',
    function(authResult) {
        console.log("DEBUG::AUTHRESULT::", authResult);
});

Now I've set offline_access in the scope of the request, and on my local environment been prompted for additional permissions when authenticating (so it's making it through). However when I check the log from the lock.on('authenticated', function(authResult).. refreshToken is always null.

There's some conflicting documentation around the web, with both suggestions that lock will and wont return a refresh token. Is anyone able to confirm if this code should result in a valid refreshToken?



from How do I get a refresh token from auth0 passwordless using lock v11?

No comments:

Post a Comment