Add transaction manager to passwordlessLogin and login #731
Conversation
luisrudge
changed the title
|
Any updates as to when this might be released? |
|
We still have a few outstanding issues we want in the next release. It's either tomorrow or next week. |
| @@ -651,18 +666,33 @@ WebAuth.prototype.login = function(options, cb) { | |||
| * @param {crossOriginLoginCallback} cb Callback function called only when an authentication error, like invalid username or password, occurs. For other types of errors, there will be a redirect to the `redirectUri`. | |||
| */ | |||
| WebAuth.prototype.passwordlessLogin = function(options, cb) { | |||
| var params = objectHelper | |||
There was a problem hiding this comment.
You are doing the exact same thing on the WebAuth.prototype.login method. Maintaining this would be a PITA. Why not moving this to a helper method?
There was a problem hiding this comment.
We use that a bunch of different places, so I feel this should be tackled in a bigger refactor on how we handle transactions. Tracking: #740
| @@ -1782,7 +1782,11 @@ describe('auth0.WebAuth', function() { | |||
| credentialType: 'http://auth0.com/oauth/grant-type/passwordless/otp', | |||
There was a problem hiding this comment.
I can't seem to find this http://auth0.com/oauth/grant-type/passwordless/otp value anywhere in docs. Can you please point me to a doc where this is mentioned?
| @@ -1806,7 +1810,11 @@ describe('auth0.WebAuth', function() { | |||
| credentialType: 'http://auth0.com/oauth/grant-type/passwordless/otp', | |||
| realm: 'email', | |||
| username: '[email protected]', | |||
| otp: '123456' | |||
| otp: '123456', | |||
| clientID: '...', | |||
There was a problem hiding this comment.
Reading the PR description, what was missing originally was the state/nonce generated values.
- Why are
clientID, responseType, redirectUripassed now then? If they are NOT required I see no point on passing them down. - Like I mentioned, the PR talks about state and nonce, but tests only check that
stateis being set. You might want to expect anonce=randomNoncesomewhere too, right?
There was a problem hiding this comment.
We allow people to override most of the options in all most of the methods, that's why I added all the options that you can pass to authorize, except responseMode.
There was a problem hiding this comment.
Alright with (1). Solve (2) and I'll approve.
| @@ -1806,7 +1810,11 @@ describe('auth0.WebAuth', function() { | |||
| credentialType: 'http://auth0.com/oauth/grant-type/passwordless/otp', | |||
| realm: 'email', | |||
| username: '[email protected]', | |||
| otp: '123456' | |||
| otp: '123456', | |||
| clientID: '...', | |||
| @@ -1806,7 +1810,11 @@ describe('auth0.WebAuth', function() { | |||
| credentialType: 'http://auth0.com/oauth/grant-type/passwordless/otp', | |||
| realm: 'email', | |||
| username: '[email protected]', | |||
| otp: '123456' | |||
| otp: '123456', | |||
| clientID: '...', | |||
test/web-auth/web-auth.test.js
Outdated
| @@ -1754,7 +1754,8 @@ describe('auth0.WebAuth', function() { | |||
| clientID: '...', | |||
| redirectUri: 'http://page.com/callback', | |||
| responseType: 'code', | |||
| _sendTelemetry: false | |||
| _sendTelemetry: false, | |||
| nonce: 'the-nonce' | |||
There was a problem hiding this comment.
You shouldn't be setting the nonce value yourself. The PR description clearly states that what was broken is "state/nonce were not being auto generated". Please DO check that the nonce is present but don't manually set it.
There was a problem hiding this comment.
I think this line is already doing some of that
auth0.js/test/web-auth/web-auth.test.js
Line 27 in f6e2227
There was a problem hiding this comment.
you're right. I switched to id_token since it's the only case where it generates the nonce.
This fixes an issue that state/nonce were not being auto generated in popup mode.
fix #730