auth0 / angular-auth0

Angular 1.x Wrapper for Auth0.js v9 and higher
MIT License

renew token_id not working with account linking rule #10

Closed swinston1000 closed 7 years ago

swinston1000 commented 7 years ago

Hi

I am using Angular 1 and lock10. I use the angular-auth0 wrapper (which is named confusingly similarly to auth0-angular!). I have a rule in my auth0 dashboard that links accounts based on e-mail address:

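function (user, context, callback) {
  // Auth0 rule: link the user who is logging in with every other account that
  // has the same, verified email address.
  //
  // user, context: passed through unchanged to callback.
  // callback: called as callback(err) on a failed search, otherwise as
  //           callback(null, user, context) or callback(err, user, context).
  //
  // Uses the `auth0` (baseUrl, accessToken) and `async` names without defining
  // them; they must be provided by the environment the rule runs in.
  //
  // NOTE(review): the linking decision rests only on a matching email and the
  // email_verified flag of both accounts, so it is only as strong as the
  // weakest connection that sets that flag. Confirm that every enabled
  // connection really verifies addresses before relying on automatic linking.
  var request = require('request@2.56.0');

  // Check if email is verified, we shouldn't automatically
  // merge accounts if this is not the case.
  if (!user.email_verified) {
    return callback(null, user, context);
  }
  var userApiUrl = auth0.baseUrl + '/users';

  request({
    url: userApiUrl,
    headers: {
      Authorization: 'Bearer ' + auth0.accessToken
    },
    qs: {
      search_engine: 'v2',
      // NOTE(review): user.email and user.user_id are concatenated into the
      // search query without escaping, so a '"' in either value would change
      // the query. Escape or validate them before use.
      q: 'email:"' + user.email + '" -user_id:"' + user.user_id + '"',
    }
  },
  function(err, response, body) {
    if (err) return callback(err);
    if (response.statusCode !== 200) return callback(new Error(body));

    // A body that is not valid JSON is reported through the callback instead
    // of being thrown from inside the request handler.
    var data;
    try {
      data = JSON.parse(body);
    } catch (parseErr) {
      return callback(parseErr);
    }

    if (data.length > 0) {
      async.each(data, function(targetUser, cb) {
        if (targetUser.email_verified) {
          // NOTE(review): only the segment between the first and second '|'
          // is used as the id; a user_id with further '|' characters would be
          // truncated. Confirm against the ids your connections produce.
          var aryTmp = targetUser.user_id.split('|');
          var provider = aryTmp[0];
          var targetUserId = aryTmp[1];
          request.post({
            url: userApiUrl + '/' + user.user_id + '/identities',
            headers: {
              Authorization: 'Bearer ' + auth0.accessToken
            },
            json: { provider: provider, user_id: targetUserId }
          }, function(err, response, body) {
            // Check the transport error first: response is not guaranteed to
            // be set when err is.
            if (err) return cb(err);
            // Return after reporting the failure so cb is called exactly once
            // per item.
            if (response.statusCode >= 400) {
              return cb(new Error('Errors linking account: ' + response.statusMessage));
            }
            cb();
          });
        } else {
          // Unverified matches are skipped, not linked.
          cb();
        }
      }, function(err) {
        callback(err, user, context);
      });
    } else {
      callback(null, user, context);
    }
  });
}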

I have the following angular code which I use to renew user's id_tokens.

    // Renew the id_token only while the current one is still valid.
    if (currentTokenisValid) {
        // Logs a renewal error, otherwise stores the renewed id_token.
        // NOTE(review): the token is kept in localStorage, which any script
        // running on this origin can read.
        var storeRenewedToken = function(err, delegationResult) {
            if (!err) {
                localStorage.setItem('id_token', delegationResult.id_token);
                return;
            }
            console.log(err);
        };
        angularAuth0.renewIdToken(currentToken, storeRenewedToken);
    }

It works when the account linking rule is off but when the linking rule is on I get the following error logged:

    error:  "invalid_request"
    error_description: "Errors linking account: Bad Request"
    statusCode: 400

Do you have any other ideas how I can solve this error?

Or is there a way to stop the rule running when there is a renew token_id request?

I want to renew users' tokens every time they log in. If they don't log in for, say, 7 days in a row, then their id_token expires. I run a web app, so I don't want to use refresh tokens. Any other ideas on how to do this would be great!

chenkie commented 7 years ago

Hey @swinston1000, for this specific issue it's probably best to open a ticket :) Can you put one in here? https://support.auth0.com/ Thanks!

swinston1000 commented 7 years ago

@chenkie Thanks, I managed to get this working by editing the rule in Auth0. Sorry, I forgot to close this.

chenkie commented 7 years ago

np, good to hear!