Hi,
we are using auth0 lock11(11.5.0). We had problem with Cross Origin Authentication so we register custom domain (login.besmarthead.com instead of smarthead.eu.auth0.com) -> cert is managed by auth0. We had followed this tutorial https://auth0.com/docs/custom-domains.
BUT now when i open page and user is already logged in (saving token in locale storage) i see this (alert window, chrome v65, ubuntu)
You should not be hitting this endpoint. Make sure to use the code snippets shown in the tutorial or contact [email protected] for help
I have update lock as tutorial suggest
var lock = new Auth0Lock('your-client-id', 'login.northwind.com', {
...
configurationBaseUrl: 'https://cdn.auth0.com'
...
});
Alert popup when (debugging in network console) when page tries to hit 'https://login.besmarthead.com/client/XDUWdmcRSrP7BdlwmVQXDnognHsgV28a.js?t1521754197839'.
There is no further error so i do not know where to start search for error. Any help would be appreciated. Thanks
can you share your full configuration? are you using the hosted login page or embedded lock?
This works for me:
const clientId = "BWDP9XS89CJq1w6Nzq7iFOHsTh6ChS2b";
const domain = "auth.brucke.club";
const defaultOptions = {
configurationBaseUrl: 'https://cdn.auth0.com',
};
var lock = new Auth0Lock(clientId, domain, defaultOptions);
lock.show();
Hi,
thanks for reply. We are using embedded lock :
const lock = new Auth0Lock.default(
environment.auth0_clientId,
environment.auth0_domain, // new one, custom domain
{
configurationBaseUrl: 'https://cdn.eu.auth0.com',
additionalSignUpFields: [
firstNameField,
lastNameField
],
auth: {
redirect: false,
redirectUrl: location.origin + environment.auth0_redirectUrl,
responseType: 'id_token token',
params: {
scope: 'openid email id_token profile'
}
},
autoclose: true,
initialScreen: screen,
languageDictionary: { // https://github.com/auth0/lock/blob/master/src/i18n/en.js
title: translation[0],
loginLabel: translation[0],
loginSubmitLabel: translation[0],
passwordInputPlaceholder: translation[1],
signupTitle: translation[2],
signUpLabel: translation[2],
signUpSubmitLabel: translation[2],
forgotPasswordTitle: translation[3],
forgotPasswordAction: translation[4],
forgotPasswordInstructions: translation[5],
forgotPasswordSubmitLabel: translation[6],
databaseEnterpriseAlternativeLoginInstructions: translation[7],
databaseAlternativeSignUpInstructions: translation[7],
lastLoginInstructions: translation[8],
notYourAccountAction: translation[9],
},
theme: {
logo: location.origin + '/assets/images/logo/sh-small.png',
primaryColor: '#BF1D1D'
}
}
);
lock.show();
Thanks, Martin
Hey, I was in a holiday last friday. Did you fix this issue?
Hi,
nope ... no luck so far.
But alert 'You should not be hitting this endpoint...' appear only when you are sign in.
1) when you open page for first time, everything is ok
2) you sign in with lock
3) refresh page, alert window popup (as result of call 'https://login.besmarthead.com/client/XDUWdmcRSrP7BdlwmVQXDnognHsgV28a.js?t1521754197839' -> i guess it is lock 'silent authentication' ?)
Martin
https://www.besmarthead.com/home-page is this the page that you're testing this?
Yes, but currently there is deployed version which is NOT using custom domain.
Do you want to try it (i can deploy there version with custom domaim) ?
Are you calling checkSession by yourself anywhere?
yes,
i have stored token inside local storage, when token is present i do:
const lock = new Auth0Lock.default(
environment.auth0_clientId,
environment.auth0_domain, {
auth: {
redirect: false,
redirectUrl: location.origin + environment.auth0_redirectUrl,
responseType: 'id_token token',
params: {
scope: 'openid email id_token profile'
}
},
}
);
lock.checkSession({}, (error, authResult: any) => {
if (authResult) {
console.log('Silent authentication: received valid token');
// ... app code, user is sign in
}
});
Now i see that i am missing
configurationBaseUrl: 'https://cdn.eu.auth0.com'
could this be problem ?
it absolutely is 馃槤
Well, shame on me !
This evening i will try it -> i will give you feedback
Thanks so much !
Ok thanks! If it doesn't work, please reopen the issue 馃帀
Everything works ! thanks
Just for future troubles with this.
Use https://cdn.auth0.com instead of https://cdn.eu.auth0.com
This error should be improved upon.
Would it be too hard to just check if a custom domain is present, and if so then respond with an alert saying that configurationBaseUrl is required?
Most helpful comment
This error should be improved upon.
Would it be too hard to just check if a custom domain is present, and if so then respond with an alert saying that
configurationBaseUrlis required?