sbarski / serverless-architectures-aws

The code repository for the Serverless Architectures on AWS book
http://book.acloud.guru
MIT License

Updating to Auth0 lock v.11.0.1 (OIDC conformance) #8

Open maxipesfix opened 6 years ago

maxipesfix commented 6 years ago

Since I wasn't able to make the original example work with Auth0Lock v.9, I updated the code of user-controller.js, the Lambda, and the API Gateway mapping to conform to Auth0Lock v.11.0.1 (OIDC).

Specifically, the changes stem from the new API for the user profile, /userinfo, which uses the accessToken instead of the idToken. Therefore I modified the JS to pass both the idToken and the accessToken to the Lambda, since the idToken is still needed for the JWT.

https://auth0.com/docs/api/authentication#user-profile

pmrubenrao commented 4 years ago

Well, the changes done by maxi work like a charm. Thanks!

corhyam commented 3 years ago

@maxipesfix @pmrubenrao Hello, may I ask some questions? I used the code of maxipesfix, but I still could not succeed. I would like to know why. After logging in, both the ID token and the access token were obtained, but the user-profile still reported a CORS error. I have tried to resolve the issue for weeks, but I have not been able to find a solution.

pmrubenrao commented 3 years ago

Can't comment without looking into the code. Could you share your version?

corhyam commented 3 years ago

@pmrubenrao Thank you for your reply. Please forgive my bad English. I'm a student and do not have deep skills, so I want to follow this book to learn and do some demos. Maybe the book's content is out of date; I'm always in trouble. At first, I followed the book to study Chapter 5, but I found no way to implement it. Later, I followed the issues to make modifications, but I still could not solve it, as CORS exceptions would always appear. https://github.com/sbarski/serverless-architectures-aws/issues/9 I saw that you checked the code of maxipesfix, so I forked his code, modified the content of config.js and redeployed it, but it still didn't work. Both the ID token and the access token are obtained, but the CORS problem occurs whenever the user-profile button is clicked:

'http://127.0.0.1:8100' has been blocked by CORS policy: Request header field accesstoken is not allowed by Access-Control-Allow-Headers in preflight response.

I tried to test the Lambda function:

curl --header "Authorization: "

{"message":"Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=eyJhbGciOi****

Because much of the book's content is out of date, I have been confused for a long time and unable to deal with it, so I take the liberty of asking you questions. Thank you in advance. https://github.com/maxipesfix/serverless-architectures-aws/tree/master/chapter-5

pmrubenrao commented 3 years ago

I did face these issues while replicating this module. From what I remember, you need to add accessToken to Access-Control-Allow-Headers when enabling CORS on the user-profile API Gateway resource.
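Why adding the header fixes the error reported above, as an added example that is not part of this thread or the book's code: the browser sends an OPTIONS preflight listing the non-simple headers the request wants to use (Access-Control-Request-Headers), and it only proceeds if every one of them appears, case-insensitively, in the response's Access-Control-Allow-Headers. The block below reproduces that browser-side check against two preflight responses. The "default" allow-list is the one API Gateway's Enable CORS action writes (`Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token`), which is assumed to be what the failing deployment had; the origin and the requested headers are constructed to match the error message in the thread.

```javascript
'use strict';

// Header list API Gateway's "Enable CORS" action puts in Access-Control-Allow-Headers
// (assumption: the deployment used that default and never added accesstoken).
const API_GATEWAY_DEFAULT_ALLOW_HEADERS =
  'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token';

// The fix from the thread: same list with the custom token header appended.
const FIXED_ALLOW_HEADERS = `${API_GATEWAY_DEFAULT_ALLOW_HEADERS},accesstoken`;

// Header names are case-insensitive (RFC 7230), so compare lower-cased and trimmed.
function parseHeaderList(value) {
  return (value || '')
    .split(',')
    .map((h) => h.trim().toLowerCase())
    .filter(Boolean);
}

// What the OPTIONS integration returns for the /user-profile resource. Shaped like a
// Lambda proxy response; API Gateway's mock integration produces the same headers.
function preflightResponse(allowHeaders, allowOrigin) {
  return {
    statusCode: 204,
    headers: {
      'Access-Control-Allow-Origin': allowOrigin,
      'Access-Control-Allow-Methods': 'GET,OPTIONS',
      'Access-Control-Allow-Headers': allowHeaders,
    },
    body: '',
  };
}

// Browser-side decision after the preflight. Returns null when the real request may
// proceed, otherwise a message in the form the browser console prints.
function preflightBlockReason(origin, requestedHeaders, response) {
  const allowOrigin = response.headers['Access-Control-Allow-Origin'];
  if (allowOrigin !== '*' && allowOrigin !== origin) {
    return `Origin '${origin}' is not allowed by Access-Control-Allow-Origin`;
  }
  const allowed = new Set(parseHeaderList(response.headers['Access-Control-Allow-Headers']));
  for (const h of parseHeaderList(requestedHeaders)) {
    if (!allowed.has(h)) {
      return `Request header field ${h} is not allowed by Access-Control-Allow-Headers in preflight response`;
    }
  }
  return null;
}

// Constructed preflight: the dev server origin from the thread, and the custom headers
// the updated front end sends (browsers list them lower-cased and sorted).
const ORIGIN = 'http://127.0.0.1:8100';
const REQUESTED = 'accesstoken,authorization';

function demo() {
  const before = preflightBlockReason(ORIGIN, REQUESTED,
    preflightResponse(API_GATEWAY_DEFAULT_ALLOW_HEADERS, ORIGIN));
  const after = preflightBlockReason(ORIGIN, REQUESTED,
    preflightResponse(FIXED_ALLOW_HEADERS, ORIGIN));
  const wrongOrigin = preflightBlockReason('http://evil.example', REQUESTED,
    preflightResponse(FIXED_ALLOW_HEADERS, ORIGIN));
  return { before, after, wrongOrigin };
}

console.log(demo());
```

Two practical notes: the check is on the header name only, so "accessToken" in the front end and "accesstoken" in the gateway configuration match; and if Access-Control-Allow-Origin is set to the dev server's exact origin, as here, the same request from any other origin is still blocked even after the header fix, which is the behaviour you want for an endpoint that receives tokens.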

corhyam commented 3 years ago

Thank you so much for solving my problem. I had been trying to make changes in the module again and again, but I never added accessToken to the header.