sotsera / sotsera.blazor.oidc

OpenID Connect client for Blazor client-side projects
https://blazor-oidc.sotsera.com/
Apache License 2.0

Using this with Auth0 #12

Open hutchcodes opened 4 years ago

hutchcodes commented 4 years ago

I'm not sure if I'm not configuring this package incorrectly or if I'm not configuring something correctly in Auth0, but I'm not getting session_state back when I log in through Auth0, and that is causing an exception to be thrown. Any ideas on what I should be looking at?

ghidello commented 4 years ago

Hi, as you probably understood, I didn't test this library with Auth0. I quickly scanned their application configuration page and it looks to me that they don't support the OpenID Connect Session Management 1.0 specification or, at least, I didn't find a way to enable it. The session_state you got an exception about should be returned by identity providers supporting this specification, but it's not returned by Auth0 in the authentication response. I just published a new version (1.0.0-alpha-5) of the library that allows disabling the session management with this setting:

settings.MonitorSession = false;

On a side note, if the session management specification is not implemented, the logout functionality will not work either.

Once again I have no experience with Auth0 so let me know if you find out more about their session management and logout implementation so we can create a recipe for this provider.
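The check discussed in the comment above, as an added example that is not part of the original thread or of the library's code: it reads a provider's discovery document and reports whether it advertises `check_session_iframe` (the OpenID Connect Session Management 1.0 metadata field) and `end_session_endpoint`. The `SessionSupport` and `DiscoveryCheck` names, the `idp.example` issuer and both sample documents are constructed for illustration; C# 11 or later is assumed for the raw string literals.

```csharp
using System;
using System.Text.Json;

// Added example, not part of Sotsera.Blazor.Oidc; type names are hypothetical.
public record SessionSupport(bool CanMonitorSession, bool HasEndSessionEndpoint);

public static class DiscoveryCheck
{
    // check_session_iframe is defined by OpenID Connect Session Management 1.0;
    // end_session_endpoint is the provider's logout endpoint metadata field.
    public static SessionSupport Inspect(string discoveryJson)
    {
        using var doc = JsonDocument.Parse(discoveryJson);
        return new SessionSupport(
            HasHttpsUrl(doc.RootElement, "check_session_iframe"),
            HasHttpsUrl(doc.RootElement, "end_session_endpoint"));
    }

    // A field only counts when it is a string holding an absolute https URL.
    private static bool HasHttpsUrl(JsonElement root, string name) =>
        root.TryGetProperty(name, out var value)
        && value.ValueKind == JsonValueKind.String
        && Uri.TryCreate(value.GetString(), UriKind.Absolute, out var uri)
        && uri.Scheme == Uri.UriSchemeHttps;
}

public static class Program
{
    // Constructed sample documents; idp.example is a placeholder issuer.
    private const string WithSessionManagement = """
        {"issuer":"https://idp.example",
         "check_session_iframe":"https://idp.example/connect/checksession",
         "end_session_endpoint":"https://idp.example/connect/endsession"}
        """;
    private const string WithoutSessionManagement = """
        {"issuer":"https://idp.example"}
        """;

    public static void Main()
    {
        foreach (var json in new[] { WithSessionManagement, WithoutSessionManagement })
        {
            var s = DiscoveryCheck.Inspect(json);
            // If the provider does not advertise session management, session_state
            // may be absent from the response: use settings.MonitorSession = false.
            Console.WriteLine($"MonitorSession={s.CanMonitorSession} logoutEndpoint={s.HasEndSessionEndpoint}");
        }
    }
}
```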

hutchcodes commented 4 years ago

Excellent. That gets me past my first challenge. And after changing to store the token in LocalStorage I get the behavior I expect.

For logout, I think just deleting the token from LocalStorage will give me the logout feel in my application. Not sure if it's appropriate to call the logout URL at Auth0 too.

If that makes sense to make part of your library I'd be happy to send a PR. Otherwise I'll just implement it in my app.

ghidello commented 4 years ago

I’m glad it’s working now! Removing the object from the store and reloading the page should do the trick (currently I don’t think there is a facility for reloading the state outside the logout method). I also saw that there is a “/v2/logout” but I didn’t investigate further. I’ll definitely need to add some entry points for configuring this logout behavior, so I’ll be glad to discuss your solution... probably after the beginning of the year though... :smile:

ghidello commented 4 years ago

In the next few days I'll try to rethink the library and make the Auth0 logout scenario usable. Feel free to jump to issue #15 and add any suggestions you think should be included.