Support Organization Name (#1313)

auth0 · Jul 13, 2023 · 46abe61 · 46abe61
1 parent e4a1028
commit 46abe61
Show file tree

Hide file tree

Showing 10 changed files with 685 additions and 517 deletions.
diff --git a/EXAMPLES.md b/EXAMPLES.md
@@ -14,21 +14,21 @@ For information on how to implement Passwordless Login with this SDK, please rea
 
 ### Log in to an organization
 
-To log in to a specific organization, pass the ID of the organization as the `organization` parameter when creating the `WebAuth` client:
+To log in to a specific organization, pass the ID, or name, of the organization as the `organization` parameter when creating the `WebAuth` client:
 
 ```js
 var webAuth = new WebAuth({
   domain: '{YOUR_AUTH0_DOMAIN}',
   clientID: '{YOUR_AUTH0_CLIENT_ID}',
-  organization: '{YOUR_AUTH0_ORGANIZATION_ID}'
+  organization: '{YOUR_AUTH0_ORGANIZATION_ID_OR_NAME}'
 });
 ```
 
 You can also specify an organization when calling `authorize`:
 
 ```js
 webAuth.authorize({
-  organization: '{YOUR_AUTH0_ORGANIZATION_ID}'
+  organization: '{YOUR_AUTH0_ORGANIZATION_ID_OR_NAME}'
 });
 ```
 
@@ -66,7 +66,7 @@ auth0.client.login(
     audience: 'https://mystore.com/api/v2',
     scope: 'read:order write:order'
   },
-  function(err, authResult) {
+  function (err, authResult) {
     // Auth tokens in the result or an error
   }
 );
@@ -86,12 +86,12 @@ auth0.client.login(
     realm: 'Username-Password-Authentication', //connection name or HRD domain
     username: 'info@auth0.com',
     password: 'areallystrongpassword',
-    onRedirecting: function(done) {
+    onRedirecting: function (done) {
       // Your custom code here
       done();
     }
   },
-  function(err, authResult) {
+  function (err, authResult) {
     // Auth tokens in the result or an error
   }
 );

diff --git a/dist/auth0.js b/dist/auth0.js
@@ -1,7 +1,7 @@
 /**
  * auth0-js v9.21.0
  * Author: Auth0
- * Date: 2023-05-24
+ * Date: 2023-07-12
  * License: MIT
  */
 
@@ -7829,7 +7829,7 @@
 	 * @param {Number} [options.leeway] number of seconds to account for clock skew when validating time-based claims in ID tokens. Defaults to 60 seconds.
 	 * @param {Number} [options.maxAge] maximum elapsed time in seconds since the last time the user was actively authenticated by the authorization server.
 	 * @param {Number} [options.stateExpiration] number of minutes for the stored state to be kept. Defaults to 30 minutes.
-	 * @param {String} [options.organization] the Id of an organization to log in to
+	 * @param {String} [options.organization] the id or name of an organization to log in to
 	 * @param {String} [options.invitation] the ID of an invitation to accept. This is available from the user invitation URL that is given when participating in a user invitation flow
 	 * @param {Array} [options.plugins]
 	 * @param {Boolean} [options.legacySameSiteCookie] set this to `false` to disable the legacy compatibility cookie that is created for older browsers that don't support the SameSite attribute (defaults to `true`)
@@ -8180,24 +8180,49 @@
 	      if (!validationError) {
 	        // Verify the organization
 	        if (transactionOrganization) {
-	          if (!payload.org_id) {
-	            return callback(
-	              error.invalidToken(
-	                'Organization Id (org_id) claim must be a string present in the ID token'
-	              )
-	            );
-	          }
+	          if (transactionOrganization.indexOf('org_') === 0) {
+	            if (!payload.org_id) {
+	              return callback(
+	                error.invalidToken(
+	                  'Organization Id (org_id) claim must be a string present in the ID token'
+	                )
+	              );
+	            }
 
-	          if (payload.org_id !== transactionOrganization) {
-	            return callback(
-	              error.invalidToken(
-	                'Organization Id (org_id) claim value mismatch in the ID token; expected "' +
-	                transactionOrganization +
-	                '", found "' +
-	                payload.org_id +
-	                '"'
-	              )
-	            );
+	            if (payload.org_id !== transactionOrganization) {
+	              return callback(
+	                error.invalidToken(
+	                  'Organization Id (org_id) claim value mismatch in the ID token; expected "' +
+	                    transactionOrganization +
+	                    '", found "' +
+	                    payload.org_id +
+	                    '"'
+	                )
+	              );
+	            }
+	          } else {
+	            if (!payload.org_name) {
+	              return callback(
+	                error.invalidToken(
+	                  'Organization Name (org_name) claim must be a string present in the ID token'
+	                )
+	              );
+	            }
+
+	            if (
+	              payload.org_name.toLowerCase() !==
+	              transactionOrganization.toLowerCase()
+	            ) {
+	              return callback(
+	                error.invalidToken(
+	                  'Organization Name (org_name) claim value mismatch in the ID token; expected "' +
+	                    transactionOrganization +
+	                    '", found "' +
+	                    payload.org_name +
+	                    '"'
+	                )
+	              );
+	            }
 	          }
 	        }
 
@@ -8591,7 +8616,7 @@
 	 * @param {String} [options.nonce] value used to mitigate replay attacks when using Implicit Grant. {@link https://auth0.com/docs/api-auth/tutorials/nonce}
 	 * @param {String} [options.scope] scopes to be requested during Auth. e.g. `openid email`. Defaults to `openid profile email`.
 	 * @param {String} [options.audience] identifier of the resource server who will consume the access token issued after Auth
-	 * @param {String} [options.organization] the Id of an organization to log in to
+	 * @param {String} [options.organization] the id or name of an organization to log in to
 	 * @param {String} [options.invitation] the ID of an invitation to accept. This is available from the user invitation URL that is given when participating in a user invitation flow
 	 * @param {Object} [options.appState] any values that you want back on the authentication response
 	 * @see {@link https://auth0.com/docs/api/authentication#authorize-client}
@@ -8936,7 +8961,11 @@
 	 * @param {Function} [callback] An optional completion callback
 	 * @memberof WebAuth.prototype
 	 */
-	WebAuth.prototype.renderPasswordlessCaptcha = function (element, options, callback) {
+	WebAuth.prototype.renderPasswordlessCaptcha = function (
+	  element,
+	  options,
+	  callback
+	) {
 	  return captcha.renderPasswordless(this.client, element, options, callback);
 	};
 

diff --git a/dist/auth0.min.esm.js b/dist/auth0.min.esm.js
diff --git a/dist/auth0.min.esm.js.map b/dist/auth0.min.esm.js.map
diff --git a/dist/auth0.min.js b/dist/auth0.min.js
diff --git a/dist/auth0.min.js.map b/dist/auth0.min.js.map
diff --git a/dist/cordova-auth0-plugin.js b/dist/cordova-auth0-plugin.js
@@ -1,7 +1,7 @@
 /**
  * auth0-js v9.21.0
  * Author: Auth0
- * Date: 2023-05-24
+ * Date: 2023-07-12
  * License: MIT
  */
 

diff --git a/dist/cordova-auth0-plugin.min.js b/dist/cordova-auth0-plugin.min.js
diff --git a/src/web-auth/index.js b/src/web-auth/index.js
@@ -36,7 +36,7 @@ function defaultClock() {
  * @param {Number} [options.leeway] number of seconds to account for clock skew when validating time-based claims in ID tokens. Defaults to 60 seconds.
  * @param {Number} [options.maxAge] maximum elapsed time in seconds since the last time the user was actively authenticated by the authorization server.
  * @param {Number} [options.stateExpiration] number of minutes for the stored state to be kept. Defaults to 30 minutes.
- * @param {String} [options.organization] the Id of an organization to log in to
+ * @param {String} [options.organization] the id or name of an organization to log in to
  * @param {String} [options.invitation] the ID of an invitation to accept. This is available from the user invitation URL that is given when participating in a user invitation flow
  * @param {Array} [options.plugins]
  * @param {Boolean} [options.legacySameSiteCookie] set this to `false` to disable the legacy compatibility cookie that is created for older browsers that don't support the SameSite attribute (defaults to `true`)
@@ -387,24 +387,49 @@ WebAuth.prototype.validateAuthenticationResponse = function (
       if (!validationError) {
         // Verify the organization
         if (transactionOrganization) {
-          if (!payload.org_id) {
-            return callback(
-              error.invalidToken(
-                'Organization Id (org_id) claim must be a string present in the ID token'
-              )
-            );
-          }
+          if (transactionOrganization.indexOf('org_') === 0) {
+            if (!payload.org_id) {
+              return callback(
+                error.invalidToken(
+                  'Organization Id (org_id) claim must be a string present in the ID token'
+                )
+              );
+            }
+
+            if (payload.org_id !== transactionOrganization) {
+              return callback(
+                error.invalidToken(
+                  'Organization Id (org_id) claim value mismatch in the ID token; expected "' +
+                    transactionOrganization +
+                    '", found "' +
+                    payload.org_id +
+                    '"'
+                )
+              );
+            }
+          } else {
+            if (!payload.org_name) {
+              return callback(
+                error.invalidToken(
+                  'Organization Name (org_name) claim must be a string present in the ID token'
+                )
+              );
+            }
 
-          if (payload.org_id !== transactionOrganization) {
-            return callback(
-              error.invalidToken(
-                'Organization Id (org_id) claim value mismatch in the ID token; expected "' +
-                transactionOrganization +
-                '", found "' +
-                payload.org_id +
-                '"'
-              )
-            );
+            if (
+              payload.org_name.toLowerCase() !==
+              transactionOrganization.toLowerCase()
+            ) {
+              return callback(
+                error.invalidToken(
+                  'Organization Name (org_name) claim value mismatch in the ID token; expected "' +
+                    transactionOrganization +
+                    '", found "' +
+                    payload.org_name +
+                    '"'
+                )
+              );
+            }
           }
         }
 
@@ -798,7 +823,7 @@ WebAuth.prototype.signup = function (options, cb) {
  * @param {String} [options.nonce] value used to mitigate replay attacks when using Implicit Grant. {@link https://auth0.com/docs/api-auth/tutorials/nonce}
  * @param {String} [options.scope] scopes to be requested during Auth. e.g. `openid email`. Defaults to `openid profile email`.
  * @param {String} [options.audience] identifier of the resource server who will consume the access token issued after Auth
- * @param {String} [options.organization] the Id of an organization to log in to
+ * @param {String} [options.organization] the id or name of an organization to log in to
  * @param {String} [options.invitation] the ID of an invitation to accept. This is available from the user invitation URL that is given when participating in a user invitation flow
  * @param {Object} [options.appState] any values that you want back on the authentication response
  * @see {@link https://auth0.com/docs/api/authentication#authorize-client}
@@ -1143,7 +1168,11 @@ WebAuth.prototype.renderCaptcha = function (element, options, callback) {
  * @param {Function} [callback] An optional completion callback
  * @memberof WebAuth.prototype
  */
-WebAuth.prototype.renderPasswordlessCaptcha = function (element, options, callback) {
+WebAuth.prototype.renderPasswordlessCaptcha = function (
+  element,
+  options,
+  callback
+) {
   return captcha.renderPasswordless(this.client, element, options, callback);
 };