Stack overflow error in lock.js when signing up with user/password

[NiXXeD]

• Code snippet or sample project that reproduces the bug
  Not sure which code would be helpful, but I can potentially provide some.

• Screenshots when appropriate

• Lock version
  10.12.3 (though I tried many versions 10.x+)

• Browser & OS
  Chrome 56.0.2924.87 (64-bit)
  Firefox 52.0 (64-bit)
  Safari 10.0.3 (12602.4.8)
  MacOS 10.12.3 (16D32)

More info:

Some background, we were just updating from Lock 9.x to 10.x. Everything mostly working except signup with user/password. The error being provided, if related to our configuration, is very unclear. I tried a bunch of versions of 10.x, even went back as far as 10.4, but it appears going that far back made other things not work.

The error from Chrome dev console is in the screenshot above. Firefox doesn't handle it as gracefully, and mostly hangs until it shows a message asking you if you want to close the tab. Safari just hangs.

The error appears to be related to a toSnakeCase function recursing too much. I can't tell based on the error if we configured something incorrectly, but the rest of things seem to work just fine.

Either way, if we did configure this incorrectly, failing this way is probably a bug.

[hzalaz]

@NiXXeD without some info to reproduce the issue it will be near to impossible to fix. We need a sample to debug or info necessary to build one like how you are instantiating lock and the parameters you supply.

[NiXXeD]

Here are some bits, modified slightly to remove any specific details. We're roughly instantiating and wrapping it as a promise to deal with elsewhere.

let options {
    auth: {
        sso: false,
        redirect: false
    },
    theme: {
        labeledSubmitButton: false
    },
    autoclose: true,
    allowSignup: true,
    rememberLastLogin: false,
    avatar: null,
    closable: false
}
let auth0Lock = new Auth0Lock(clientID, domain, options)

return new $q((resolve, reject) => {
    // handle auth failure
    auth0Lock.on('authorization_error', err => {
        return reject(err)
    })

    // handle login success
    auth0Lock.on('authenticated', authResult => {
        auth0Lock.getUserInfo(authResult.accessToken, (err, profile) => {
            if (err) return reject(err)
            return resolve(_.merge(authResult, {profile}))
        })
    })

    // show the login form
    auth0Lock.show()
})

I'm not sure how much else you'd need/want. I've tried a whole bunch of things, but I don't see what could be causing it. I assume based on what that toSnakeCase function is doing, there's some object that has a circular reference in it somewhere.

[hzalaz]

The function is in auth0.js not in Lock and is mostly used to normalize request params thats why it was important to see your options object but looks normal. Also I doubt I'd be able to reproduce it with this snippet, since it highly possible something beyond it is contributing to the issue, but we'll give it a try.

[NiXXeD]

I'm working on getting it up into our dev environment so I can provide a URL for you to test our exact deployment. Is there a place we can chat outside of this issue (email? slack?) that I can provide this info or answer any other questions you might have?

[hzalaz]

You can submit a ticket to https://support.auth0.com and send the info there and post the ticket number here

[NiXXeD]

Ticket number #21108

[maxbeatty]

I came across this same issue today. sso: false and redirect: false options lead to here where body includes popupHandler which has a reference to Window that when processed by toSnakeCase causes the error.

From what I could gather, popupHandler is populated here based on the provided redirect option but I think it should instead use sso to dictate. I opened #915 for consideration.

[NiXXeD]

(Per the suggestion in that PR) Reverting to 10.8.1 does fix the issue for me. I will keep an eye on this issue to know when I can upgrade further. Thanks @maxbeatty!