Skip to content

Updating to Auth0 lock v.11.0.1 (OIDC conformance)#8

Open
maxipesfix wants to merge 3 commits into
sbarski:masterfrom
maxipesfix:master
Open

Updating to Auth0 lock v.11.0.1 (OIDC conformance)#8
maxipesfix wants to merge 3 commits into
sbarski:masterfrom
maxipesfix:master

Conversation

@maxipesfix

Copy link
Copy Markdown

Since I wasn't able to make the original example work with Auth0Lock v.9 I updated the code of user-controller.js, Lambda, and Gateway API mapping to be conforming to Auth0Lock v.11.0.1 (OIDC).

Specifically the changes stem from the new API for user profile: /userinfo, which uses accessToken instead of idToken. Therefore I modified the js to pass both idToken and accessToken to Lambda, since idToken is still needed for jwt.

https://auth0.com/docs/api/authentication#user-profile

Maxim Makatchev added 3 commits January 7, 2018 17:42
…API. Passing both idToken and accessToken to AWS, since jwt requires idToken and OIDC conformant GET /usernfo requires accessToken.
…oken is needed for jwt verification and access token to access OIDC conformant Auth0 API /userinfo
@pmrubenrao

Copy link
Copy Markdown

Well the changes done by maxi works like a charm..thanks..!!

@corhyam

corhyam commented Mar 20, 2021

Copy link
Copy Markdown

@maxipesfix @pmrubenrao Hello, may I ask some questions? I used the code of maxipesfix, but I still could not success. I would like to know why. After logging in, both ID token and access token were obtained, but the user-profile still reported CORS error. I have tried to resolve the issue for weeks, but I have not been able to find a solution.

@pmrubenrao

Copy link
Copy Markdown

cant comment without looking into the code.
could you share your version ?

@corhyam

corhyam commented Mar 20, 2021

Copy link
Copy Markdown

@pmrubenrao Thank you for your reply. Please forgive me for my bad English. I’m a student, I do not have deep skills, so I want to follow this book to learn and do some demos. Maybe the books content are out of date , I'm always in trouble. At first, I followed the progress of the book to study Chapter 5, but I found no way to implement it. Later, I followed the issues to make modifications, but I still could not solve it, as CORS exceptions would always appear.
#9
I saw that you checked the code of maxipesfix, so I forked his code and modified the content of config.js to redeploy it, but it still didn't work.
Both the ID token and the Access token are obtained, but the CORS problem occurs whenever the user-profile button is clicked.
'http://127.0.0.1:8100' has been blocked by CORS policy: Request header field accesstoken is not allowed by Access-Control-Allow-Headers in preflight response.

I try to test lambda function.
curl --header "Authorization: <id_token>"
{"message":"Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=eyJhbGciOi****

Because many contents of the book are out of date, I have been confused for a long time unable to deal with, so I take the liberty to ask you questions, thank you in advance.
https://github.com/maxipesfix/serverless-architectures-aws/tree/master/chapter-5

@pmrubenrao

pmrubenrao commented Mar 21, 2021

Copy link
Copy Markdown

I do face these issues while replicating this module.
from what I remember is that you need to add the accessToken in the Access-Control-Allow-Headers while enabling the CORS in the user-profile API Gateway.

@corhyam

corhyam commented Mar 24, 2021

Copy link
Copy Markdown

Thank you so much for solving my problem. I've been trying to make changes in the module again and again, but I've never added accessToken in the header.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants