New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

auth0-lock v11 and responseType = 'token' #403

vidaritos opened this Issue Sep 21, 2018 · 1 comment


None yet
2 participants

vidaritos commented Sep 21, 2018

I'm having the most difficult time getting the authorization flow working with Auth0.

I tried first the examples provided by the Auth0 site to integrate the authentication with my SPA, which works fine, but when I use aurelia-authentication plugin using the same config, it fails.
The flow stops at the /authorize endpoint
If I set the responseType = 'token', I get the following error in the console:
Unhandled rejection TypeError: Cannot read property 'token' of null
Other attempts:
responseType = 'token id_token' gives me this error:
Unhandled rejection Error: Only 'token' responseType is supported

responseType = 'token%20id_token' results in /authroize to return HTTP 501

If I change the line

if (typeof provider.responseType === 'string') {
opts.auth.responseType = provider.responseType;
opts.auth.responseType = provider.responseType.replace('%20', ' ');
It seems to work. /authorize then returns HTTP 200

Should the following if-statement here also include to check responseType === 'token id_token'?

if (provider.responseType === 'token'
|| provider.responseType === 'id_token%20token'
|| provider.responseType === 'token%20id_token'
) {

Or am I missing something here?

I found this auth0/lock#809, indicating responseType = 'token id_token' is now mandatory?


export default {
  endpoint: 'api',
  configureEndpoints: ['api'], 
  storageKey: 'aurelia_authentication_auth0',
  providers: {
    auth0: {
      oauthType: 'auth0-lock',
      responseType: 'token',
      clientId: 'random',
      clientDomain: '',
      lockOptions: {
        auth: {          
          audience: '',
          params: { scope: 'openid profile' },
      state: function () {
        return Math.random().toString(36).substr(2);

This comment has been minimized.


RWOverdijk commented Sep 22, 2018

Should the following if-statement here also include to check responseType === 'token id_token'?

It did, before you removed the %20 :D

provider.responseType === 'token%20id_token'

Any way, it looks like you caught a bug (or at least some icky code) there. Would you mind sending in a PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment