search

auth0 / react-native-lock

[DEPRECATED] A wrapper of Lock to use with React Native (iOS & Android)
MIT License
277 stars 77 forks source link

Grant type 'http://auth0.com/oauth/legacy/grant-type/ro' not allowed for the client. #165

Closed mickr closed 4 years ago

mickr commented 7 years ago

Revisiting a project that had the react-native lock implemented, but I am getting an error logging in. I see the login failed with the error Grant type 'http://auth0.com/oauth/legacy/grant-type/ro' not allowed for the client..

The instantiation is pretty simple

constructor(clientId, domain) {
    this.clientId = clientId;
    this.domain = domain;
    this.lock = new Auth0Lock({ clientId, domain });
  }

I am using lock version 0.6.0 with RN 0.40.0

screen shot 2017-06-10 at 1 43 13 am

Any help would be appreciated

alex-haproff commented 7 years ago

Getting the same error here, apparently new clients don't get http://auth0.com/oauth/legacy/grant-type/ro grant anymore, and as far as I can see it can not be added either through Auth0 management API. More info here https://community.auth0.com/questions/3944/error-grant-type-password-not-allowed-for-the-clie?childToView=3989#comment-3989

mickr commented 7 years ago

@alex-haproff I would assume that the client / Lock could be re-configured for the proper grant. Hopefully this get resolved soon, thanks for the confirmation that I'm not the only one getting the error.

alex-haproff commented 7 years ago

@mickr actually the client can't be easily re-configured. Attempting to add the grant ( http://auth0.com/oauth/legacy/grant-type/ro) through Auth0's management api results in 'Bad Request: Grant type is invalid...' which is correct - they phased it out. Having looked at objective-c code I can say it won't be a quick fix either to use the new endpoints and new flow (I've tried). Further to this underlying 'native' implementation is the old 1.x version of Lock, right now the officially supported version is 2.x and is written in Swift. I believe react-native-auth0 is also affected by this. Until the Lock 2/Swift implementation becomes a 'native' module in react-native-lock it is pretty useless. If you still need to implement something like lock (in my case it is just a 'username/password' flow, without social providers, touchId etc) I would suggest using auth0.js and building your own React component. Overall, pretty sad state of affairs if you ask me.

ugurarpaci commented 7 years ago

+1 to this issue. We are suffering as well, documentation mentions that it is working but in practice as @alex-haproff mentions, It does not work as it should be.

hzalaz commented 7 years ago

@ugurarpaci @mickr if your tenant was created before June 8th you would be able to patch the client to add the missing grants (More info in https://auth0.com/docs/clients/client-grant-types). If you are unable to update your client grants, sadly your options are to build your own UI using react-native-auth0 or trying to bridge yourself the native Locks v2 (iOS & Android) in your apps (if you have the mobile knowledge to do so). Also I strongly advise against using auth0.js since its meant to be used in the browser only and because of that many of its methods will be deprecated.

We have in our mid term plans build a react-native lock since the bridge route seems to hard to grasp for react-native developers but in the meantime that is the state of affairs.

hzalaz commented 7 years ago

Also documentation will show soon the state of the library and the quickstarts/samples will be updated accordingly.

ugurarpaci commented 7 years ago

Thanks, I think we should wait for the native libs to be updated.

MarkRich commented 7 years ago

Is there any time estimate of when this will be fixed? I created my client prior to june 8th and I can't add http://auth0.com/oauth/legacy/grant-type/ro as a grant. I'm contacting customer service to see why, but it would be nice to understand whether this will be fixed in a week or 3 months in the meantime.

haydenholligan commented 7 years ago

This is happening to me on Auth0.swift 1.6.0 as well. I don't know how to work around it right now.

hzalaz commented 7 years ago

@MarkRich in that case you should be able to update your grants following as stated in here in Auth0 dashboard.

@haydenholligan this should apply to you too since you should enable the Password Grant for your client. Please submit an issue in the Auth0.swift repo and we can explain for your case.

compojoom commented 7 years ago

I was experimenting yesterday with auth0 for the first time. Unfortunately after following all the RN tutorials - this is what we get? How is one supposed to add login functionality to a RN app if this isn't working?

mickr commented 7 years ago

@compojoom You can still use the Auth0 APIs directly using your own components.

dankellett commented 7 years ago

Might be a good idea to update the quickstart to mention that this currently doesn't work. Wasting a bunch of time isn't an awesome introduction to Auth0.

ghost commented 7 years ago

This is so confusing and clearly there is lack of communication, I am trying passwordless SMS auth through Lock 2 UI and I'm getting Grant type 'http://auth0.com/oauth/legacy/grant-type/ro' not allowed for the client.

is this because of the same changes described here or am I facing something else. Also I cannot this grant type in the API