Merge pull request #7 from tacomanator/master

Fixes #6 removes auth0 hard coding in user_id (but defaults to auth0 if not present)

Auth0Token.js

@@ -12,7 +12,7 @@ var Auth0Token = function() {
       bodyInput = {
         email: this.email,
         iss: this.issuer,
-        sub: "auth0|" + this.userId,
+        sub: this.userId,
         aud: this.clientId,
         exp: now + 60 * 60 * 24 * 7,
         iat: now
@@ -21,6 +21,11 @@ var Auth0Token = function() {
       ? { b64: jsrassign.b64utob64(this.clientSecret) }
       : this.clientSecret;
 
+    // provider should be included in userId, but assume auth0 if not
+    if (bodyInput.sub.split("|").length === 1) {
+      bodyInput.sub = "auth0|" + bodyInput.sub;
+    }
+
     return (
       "Bearer " + jsrassign.jws.JWS.sign(null, headerInput, bodyInput, secret)
     );

README.md

@@ -8,10 +8,10 @@ This project was created to help simplify testing our API with paw, authenticati
 
 You will need your app's `clientId` and `clientSecret` in order to sign the token properly. You can get these from your dashboard.
 
-You will also need your account's issuer, typically, `https://<accountName>.auth0.com/`. 
+You will also need your account's issuer, typically, `https://<accountName>.auth0.com/`.
 
-> **IMPORTANT:** You _**MUST**_ include a trailing `/` in the issuer or it will not be valid
+> The trailing slash `/` in the issuer may be required, depending on your setup
 
-Finally, to login as a specific user, you will need their `userId` and thier `email`
+Finally, to login as a specific user, you will need their `userId` (`email` is optional). The provider portion of the `userId` should be included.
 
-To utlize the token, create a header, and as the value, use `Auth0 Authorization Token`
+To utilize the token, create a header, and as the value, use `Auth0 Authorization Token`