Setting auth.params.device inside lock.show() doesn't work

auth0 / angular-lock

MIT License

18 stars 15 forks source link

Setting auth.params.device inside lock.show() doesn't work #13

Closed Lknechtli closed 4 years ago

Lknechtli commented 7 years ago

In my application, we intend to allow users to create refresh tokens for direct api interaction. The workflow to create a refresh token involves calling

lock.show({
  auth: {
    params: {
      scope: 'openid offline_access',
      device: someVar
    }
  }
});

When we then list the user's active refresh tokens, the objects returned from the auth0 API all have the device_name attribute set to Browser, instead of the contents of someVar. It seems like auth.params.device is being overwritten at some point.

chenkie commented 7 years ago

Can you confirm that you're using Lock 10? Options should be registered in $lockProvider.init instead of the show method.

$lockProvider.init({
  clientID: AUTH0_CLIENT_ID,
  domain: AUTH0_DOMAIN,
  options: {
    ...
  }
});

Lknechtli commented 7 years ago

I am using auth0-lock: "^10.4.0". I have my general login options set in $lockProvider.init, but in this case I'm showing a second login prompt that's different from the initial login in order to retrieve the refresh token.

According to your documentation here: https://auth0.com/docs/libraries/lock/v10/api#show-options- and here: https://auth0.com/docs/libraries/lock/v10/sending-authentication-parameters the lock.show() function does take some parameters:

The following subset of options to be overridden from the values they were given (or their defaults) when Lock was instantiated:

allowedConnections
auth.params
allowLogin
allowSignUp
allowForgotPassword
initialScreen
rememberLastLogin

Lknechtli commented 7 years ago

In either case, setting the auth.params.device in $lockProvider.init also doesn't work.

I don't think there's anything wrong with my use of lock.show(), as aside from auth.params.device, it works as expected. This may be an issue with https://github.com/auth0/lock and not the wrapper.

chenkie commented 7 years ago

We've got a patch in for this, should be fixed up on the next release of auth0.js.

moravcik commented 7 years ago

For me getting a refreshToken works with this:

lock.show({
  auth: {
    params: {
      scope: 'openid offline_access'
    }
  }
}

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have not received a response for our team (apologies for the delay) and this is still a blocker, please reply with additional information or just a ping. Thank you for your contribution! 🙇‍♂️