auth0

Authentication for single-page apps

元气小坏坏 submitted on 2019-12-11 16:15:41
Question: Background: I am looking at the OAuth 2.0 Implicit Grant flow where a user is redirected to an authentication service and a JWT token is sent back to a Single Page Application (SPA). The token is stored in a cookie or in local storage and, in the examples I have seen, the application will hide/show certain pages based on whether it can find the token in storage. Issue: The problem is that in all the examples (official from service providers), I was able to manually add any random but properly

Sending user Id along with access_token

不羁岁月 submitted on 2019-12-11 15:45:43
Question: I'm implementing Auth0 in my ASP.NET Core 2.1 app with React front-end. Once the user authenticates, I get both an access_token and an id_token. I'm clear that the purpose of access_token is to grant access to my API methods. I also understand that the id_token provides user data which I can use in my front-end app. The question/concern is about sending user data, such as userId, to my backend when I make API calls. Other than including userId in the body of my POST request, is there another

Angular-JWT Authorization header exception

情到浓时终转凉″ submitted on 2019-12-11 15:24:56
Question: I've been trying to integrate Cloudinary via angular-upload into my AngularJS app. However, I have encountered this error when attempting to upload from my app: Authorization is not allowed by Access-Control-Allow-Headers At first I thought this was a grunt issue since I was using http-server to run the Cloudinary sample app, which uploaded successfully, but I have now realized this is more likely a result of using Auth0's angular-jwt implementation. This is attaching the Authorization

VueJS Secure with Auth0 - How is it secure?

强颜欢笑 submitted on 2019-12-11 15:15:28
Question: I'm missing some sort of (most likely simple) fundamental understanding of securing a JavaScript application such as one using the VueJS framework and a service like Auth0 (or any other OAuth server/service). 1) If you create a SPA VueJS app with routes that require authentication, what stops a user from viewing your bundled code and seeing the views/templates behind that route without needing to log in? 2) If you create a VueJS app that authenticates a user and sets some variable in a

Auth 0 configuration audience

跟風遠走 submitted on 2019-12-11 14:59:23
Question: I just found out that I have a problem with auth0 and it relates to the auth0 configuration audience. So when I explicitly write the audience, the JWT verification fails with the error "The provided Algorithm doesn't match the one defined in the JWT's Header." When I don't write the audience, everything will work fine, except now every time the token expires and the user clicks on the login link, it skips the login process and immediately logs in with the previous credential. I don't want this to happen, I

Auth0: How to Submit POST Using M2M Token with React Frontend

孤街浪徒 submitted on 2019-12-11 14:57:59
Question: I was unable to find any sort of solution on integrating a working POST-request submission, using Auth0's M2M Token Client Credential Flow process, to submit a POST entry to my Django backend from my React frontend. I’ve currently fully built on a setup comprising the following, with Auth0 somewhat fully integrated: Frontend: React Browser Setup making POST to retrieve AUTH0 token via Auth0 server. React Browser Setup using retrieved M2M Token based on JWT authentication, to execute GET

“Missing grant-type parameter” in Auth0 Delegation endpoint call

最后都变了- submitted on 2019-12-11 13:38:00
Question: I'm trying to call (POST) the Auth0 delegation endpoint from Postman with the following request, as suggested by Auth0: Content-Type: 'application/json' { "client_id": "{CLIENT_ID}", "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer", "id_token": "{YOUR_ID_TOKEN}", "target": "lwTL1rYVfC0KsBUFPeKWY3HvGjbIgdDM", "api_type": "salesforce_api", "scope": "openid" } I'm getting this error, even though the grant_type parameter is included in the above request: { "error": "invalid_request",

Tokens statelessness and storage

你。 submitted on 2019-12-11 12:12:26
Question: I have been reading a lot about not saving the tokens in the user agent storage and I agree with the risks mentioned. But going through some of the Auth0 quickstart examples, I see the tokens being saved in the session and using session cookies to track them. Others mention saving the actual token as an httpOnly cookie with lower risks involved. My questions are: How is that considered stateless, especially with scalability and the potential use of load balancers? Are the alternatives, memory

Parse user authenticated using Auth0

守給你的承諾、 submitted on 2019-12-11 11:49:57
Question: Hi, I'm trying to figure out how to use Parse.com and Auth0 together. When I set up login with Parse.com the currentUser is automatically set and I can use that user to save items specific for that user. But when I implement authentication using Auth0, Auth0 responds with the user info (Auth0 token, fb access token etc.) when you perform a successful login, and of course no Parse user was created. So which steps need to be taken to make use of the 'currentUser' object provided by Parse, but use

Auth0 redirecting back to call url after login angular2

冷暖自知 submitted on 2019-12-11 08:11:59
Question: After login, auth0 redirects me back to the callback URL on angular2. How can I make it go to the path that I gave to the routing without redirecting to the callback URL? Answer 1: I've been working through this same issue. It seems you have a couple of options. a) Use popup mode: This is easy to implement but Auth0 recommends not using this because of browser inconsistencies (namely some IE and Chrome/Firefox on iOS). It's as simple as adding a flag to your lock options object: var lockOptions