auth0 · hzalaz · May 17, 2017 · May 16, 2017 · May 17, 2017 · May 17, 2017
@@ -125,6 +125,8 @@ For this request to succeed, the user must have an active SSO session at Auth0 b
 
 > ***Important:*** this will use postMessage to communicate between the silent callback and the SPA. When false the SDK will attempt to parse the url hash should ignore the url hash and no extra behaviour is needed.
 
+> **Also important:** If you're not using the hosted login page to do social logins, you have to use your own [social connection keys](https://manage.auth0.com/#/connections/social). If you use Auth0's dev keys, you'll always get `login_required` as an error when calling `renewAuth`.
+
 It is strongly recommended to have a dedicated callback page for silent authentication in order to avoid loading your entire application again inside an iframe.
 This callback page should only parse the URL hash and post it to the parent document so that your application can take action depending on the outcome of the silent authentication attempt.
 For example:
@@ -213,7 +215,7 @@ For a complete reference and examples please check our [docs](https://auth0.com/
 
 ## Develop
 
-Run `npm start` and point your browser to `http://localhost:3000/example` to run the example page.
+Run `npm start` and point your browser to `https://localhost:3000/example` to run the example page.
 
 Run `npm run test` to run the test suite.
 

@@ -181,7 +181,7 @@ <h3>Initialize</h3><pre class="prettyprint source lang-js"><code>var auth0 = new
 <li><strong>linkUser(userId, secondaryUserToken, cb)</strong>: Link two users. https://auth0.com/docs/api/management/v2#!/Users/post_identities</li>
 </ul>
 <h2>Documentation</h2><p>For a complete reference and examples please check our <a href="https://auth0.com/docs/libraries/auth0js">docs</a> and our <a href="https://auth0.com/docs/libraries/auth0js/v8/migration-guide">Migration Guide</a> if you need help to migrate from v7</p>
-<h2>Develop</h2><p>Run <code>npm start</code> and point your browser to <code>http://localhost:3000/example</code> to run the example page.</p>
+<h2>Develop</h2><p>Run <code>npm start</code> and point your browser to <code>https://localhost:3000/example</code> to run the example page.</p>
 <p>Run <code>npm run test</code> to run the test suite.</p>
 <p>Run <code>npm run test:watch</code> to run the test suite while you work.</p>
 <p>Run <code>npm run test:coverage</code> to run the test suite with coverage report.</p>

@@ -5,7 +5,7 @@
     <script type="text/javascript">
       var auth0 = new auth0.WebAuth({
         domain: 'auth0-tests-auth0js.auth0.com',
-        redirectUri: 'http://localhost:3000/example',
+        redirectUri: 'https://localhost:3000/example',
         clientID: '3GGMIEuBPZ28lb6NBDNARaEZisqFakAs',
         responseType: 'token'
       });

@@ -2,7 +2,7 @@
 <html>
   <head>
     <script type="text/javascript">
-      parent.postMessage(window.location.hash, "http://localhost:3000/");
+      parent.postMessage(window.location.hash, "https://localhost:3000/");
     </script>
   </head>
   <body></body>

@@ -5,7 +5,7 @@
     <script type="text/javascript">
       var auth0 = new auth0.WebAuth({
         domain: 'auth0-tests-auth0js.auth0.com',
-        redirectUri: 'http://localhost:3000/example',
+        redirectUri: 'https://localhost:3000/example',
         clientID: '3GGMIEuBPZ28lb6NBDNARaEZisqFakAs',
         responseType: 'token'
       });

@@ -109,7 +109,7 @@ <h1>Auth0.JS playground</h1>
         <div>
           <h2>Login with database connection:</h2>
           <input class="login-username" value="johnfoo@gmail.com" />
-          <input type="password" class="login-password" value="1234" />
+          <input class="login-password" value="1234" />
           <input type="button" class="login-db" value="login" />
         </div>
 
@@ -128,15 +128,15 @@ <h2>Login with passwordless connection:</h2>
         <div>
           <h2>Login with database connection (popup):</h2>
           <input class="popup-login-username" value="johnfoo@gmail.com" />
-          <input type="password" class="popup-login-password" value="1234" />
+          <input class="popup-login-password" value="1234" />
           <input type="button" class="popup-login-db-preload" value="preload" />
           <input type="button" class="popup-login-db" value="login" />
         </div>
 
         <div>
           <h2>Login with database connection (client login):</h2>
           <input class="client-login-username" value="johnfoo@gmail.com" />
-          <input type="password" class="client-login-password" value="1234" />
+          <input class="client-login-password" value="1234" />
           <input type="button" class="client-login-db" value="login" />
         </div>
 
@@ -163,6 +163,8 @@ <h2>Renew authentication:</h2>
 
         <div>
           <h2>Login with new Login Ticket flow:</h2>
+          <input class="login-ticket-username" value="johnfoo@gmail.com" />
+          <input class="login-ticket-password" value="1234" />
           <input type="button" class="login-ticket" value="Login" />
         </div>
 
@@ -185,10 +187,9 @@ <h2>Console:</h2>
     });
 
     var webAuth = new auth0.WebAuth({
-      domain: 'luisrudge-auth0-au.au.auth0.com',
+      domain: 'brucke.auth0.com',
       redirectUri: 'https://localhost:3000/example',
-      clientID: '9ZEQtEBDEXOozlZ62q17lDFfPae6n30F', //localhost
-      //clientID: 'gPjLXENRzOnYVA0aPgwQ3jPt0cWGYs7j', //https://test-cross-auth.now.sh/
+      clientID: 'k5u3o2fiAA8XweXEEX604KCwCjzjtMU6',
       responseType: 'token',
       plugins: [
         new CordovaAuth0Plugin()
@@ -353,9 +354,10 @@ <h2>Console:</h2>
      $('.login-ticket').click(function (e) {
       e.preventDefault();
       webAuth.login({
-        username: 'test@example.com',
-        password: 'test',
-        redirectURI: 'https://localhost:3000/example/'
+        username: $('.login-ticket-username').val(),
+        password: $('.login-ticket-password').val(),
+        redirectURI: 'https://localhost:3000/example/',
+        realm: 'acme'
       }, htmlConsole.dumpCallback.bind(htmlConsole));
     });
     $(document.body).append($('<div class="loaded">LOADED</div>'));

@@ -22,6 +22,6 @@ gulp.task('dev', function () {
     if (err) {
       throw new gutil.PluginError('webpack-dev-server', err);
     }
-    gutil.log('[webpack-dev-server]', 'http://localhost:3000/example/index.html');
+    gutil.log('[webpack-dev-server]', 'https://localhost:3000/example/index.html');
   });
 });
@@ -23,6 +23,7 @@
     "ci:test": "istanbul cover _mocha --report lcovonly -R test/**/* -- -R mocha-multi --reporter-options spec=-,mocha-junit-reporter=-",
     "ci:coverage": "codecov",
     "lint": "eslint ./src",
+    "lint:fix": "eslint --fix ./src",
     "publish:cdn": "ccu",
     "release": "scripts/release.sh",
     "jsdocs": "jsdoc --configure .jsdoc.json --verbose"

@@ -28,15 +28,16 @@ function createKey(origin, coId) {
 }
 
 /**
- * Logs in the user with username and password using the cross origin authentication flow. You can use `username` or `email` as the actual username.
+ * Logs in the user with username and password using the cross origin authentication (/co/authenticate) flow. You can use either `username` or `email` to identify the user, but `username` will take precedence over `email`.
+ * This only works when 3rd party cookies are enabled in the browser. After the /co/authenticate call, you'll have to use the {@link parseHash} function at the `redirectUri` specified in the constructor.
  *
  * @method login
  * @param {Object} options options used in the {@link authorize} call after the login_ticket is acquired
- * @param {String} options.username username
- * @param {String} options.email email
- * @param {String} options.password user password
- * @param {String} options.realm realm
- * @param {Function} cb callback function called only when an authorization error occurs. Has the error as the only parameter.
+ * @param {String} [options.username] Username (mutually exclusive with email)
+ * @param {String} [options.email] Email  (mutually exclusive with username)
+ * @param {String} options.password Password
+ * @param {String} [options.realm] Realm used to authenticate the user, it can be a realm name or a database connection name
+ * @param {crossOriginLoginCallback} cb Callback function called only when an authentication error, like invalid username or password, occurs. For other types of errors, there will be a redirect to the `redirectUri`.
  */
 CrossOriginAuthentication.prototype.login = function (options, cb) {
   var _this = this;

@@ -207,6 +207,7 @@ WebAuth.prototype.validateToken = function (token, nonce, cb) {
 /**
  * Executes a silent authentication transaction under the hood in order to fetch a new tokens for the current session.
  * This method requires that all Auth is performed with {@link authorize}
+ * Watch out! If you're not using the hosted login page to do social logins, you have to use your own [social connection keys](https://manage.auth0.com/#/connections/social). If you use Auth0's dev keys, you'll always get `login_required` as an error when calling this method.
  *
  * @method renewAuth
  * @param {Object} options
@@ -313,7 +314,8 @@ WebAuth.prototype.signup = function (options, cb) {
 };
 
 /**
- * Redirects to the hosted login page (`/authorize`) in order to start a new authN/authZ transaction
+ * Redirects to the hosted login page (`/authorize`) in order to start a new authN/authZ transaction.
+ * After that, you'll have to use the {@link parseHash} function at the specified `redirectUri`.
  *
  * @method authorize
  * @param {Object} options
@@ -381,15 +383,21 @@ WebAuth.prototype.signupAndAuthorize = function (options, cb) {
 };
 
 /**
- * Logs in the user with username and password using the cross origin authentication flow. You can use `username` or `email` as the actual username.
+ * @callback crossOriginLoginCallback
+ * @param {Error} [err] Authentication error returned by Auth0 with the reason why the request failed
+ */
+
+/**
+ * Logs in the user with username and password using the cross origin authentication (/co/authenticate) flow. You can use either `username` or `email` to identify the user, but `username` will take precedence over `email`.
+ * This only works when 3rd party cookies are enabled in the browser. After the /co/authenticate call, you'll have to use the {@link parseHash} function at the `redirectUri` specified in the constructor.
  *
  * @method login
  * @param {Object} options options used in the {@link authorize} call after the login_ticket is acquired
- * @param {String} options.username username
- * @param {String} options.email email
- * @param {String} options.password user password
- * @param {String} options.realm realm
- * @param {Function} cb callback function called only when an authorization error occurs. Has the error as the only parameter.
+ * @param {String} [options.username] Username (mutually exclusive with email)
+ * @param {String} [options.email] Email  (mutually exclusive with username)
+ * @param {String} options.password Password
+ * @param {String} [options.realm] Realm used to authenticate the user, it can be a realm name or a database connection name
+ * @param {crossOriginLoginCallback} cb Callback function called only when an authentication error, like invalid username or password, occurs. For other types of errors, there will be a redirect to the `redirectUri`.
  */
 WebAuth.prototype.login = function (options, cb) {
   this.crossOriginAuthentication.login(options, cb);

@@ -90,7 +90,7 @@ describe('auth0.WebAuth.redirect', function () {
             client_id: '0HP71GSd6PuoRY',
             connection: 'tests',
             password: '1234',
-            redirect_uri: 'http://localhost:3000/example/',
+            redirect_uri: 'https://localhost:3000/example/',
             response_type: 'id_token',
             scope: 'openid',
             tenant: 'me',
@@ -129,7 +129,7 @@ describe('auth0.WebAuth.redirect', function () {
 
       var configuration = {
         domain: 'me.auth0.com',
-        redirectUri: 'http://localhost:3000/example/',
+        redirectUri: 'https://localhost:3000/example/',
         clientID: '0HP71GSd6PuoRY',
         responseType: 'id_token'
       };
@@ -170,7 +170,7 @@ describe('auth0.WebAuth.redirect', function () {
             client_id: '0HP71GSd6PuoRY',
             connection: 'tests',
             password: '1234',
-            redirect_uri: 'http://localhost:3000/example/',
+            redirect_uri: 'https://localhost:3000/example/',
             response_type: 'token',
             scope: 'openid',
             tenant: 'me',
@@ -192,7 +192,7 @@ describe('auth0.WebAuth.redirect', function () {
 
       var configuration = {
         domain: 'me.auth0.com',
-        redirectUri: 'http://localhost:3000/example/',
+        redirectUri: 'https://localhost:3000/example/',
         clientID: '0HP71GSd6PuoRY',
         responseType: 'token'
       };

@@ -37,7 +37,7 @@ module.exports = {
     filename: '[name].js',
     library: '[name]',
     libraryTarget: 'umd',
-    publicPath: 'http://localhost:3000/'
+    publicPath: 'https://localhost:3000/'
   },
   resolve: {
     extensions: ['', '.webpack.js', '.web.js', '.js']