Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make cross origin authentication the default in OIDC mode #1124

Merged
merged 1 commit into from
Sep 27, 2017
Merged

Make cross origin authentication the default in OIDC mode #1124

merged 1 commit into from
Sep 27, 2017

Conversation

luisrudge
Copy link
Contributor

No description provided.

@luisrudge luisrudge added this to the v10-Next milestone Sep 27, 2017
@luisrudge luisrudge merged commit a76e9c7 into master Sep 27, 2017
@luisrudge luisrudge deleted the revert-1044-feature-add-cross-auth-flag branch September 27, 2017 00:48
@luisrudge luisrudge modified the milestones: v10-Next, v10.22.0 Sep 27, 2017
@petetnt
Copy link
Contributor

petetnt commented Oct 10, 2017
edited
Loading

Hi,

Any reason why this wasn't a SemVer major change or does the Lock not follow semver in the first place (in which case my bad 👍 )? AFAIK the oicdconformance flag only sort of working wasn't really implied in the popup mode before this (as stated in https://community.auth0.com/answers/9815/view).

Thanks!

@luisrudge
Copy link
Contributor Author

We follow semver, but oidcConformant was never documented. The first documented and supported version is this one with cross origin authentication.

@petetnt
Copy link
Contributor

petetnt commented Oct 10, 2017
edited
Loading

Thanks for the explanation @luisrudge. Was just pretty confused as it's used in (for example)

lock/support/index.html

Line 19 in 16cbf99

oidcConformant: true,

and

https://github.com/auth0-samples/auth0-react-samples/blob/embedded-login/01-Embedded-Login/src/Auth/Auth.js#L8

and the supplied samples wouldn't work without it because they contain auth.audience option (which we require too).

@luisrudge
Copy link
Contributor Author

Indeed we got a bit ahead of ourselves with the samples. Truth is that it was a huge coordinated effort to release the whole feature and we got a bit out of sync with the samples. In any case,
you wouldn’t find a piece of documentation about it. I understand your frustration and I’m sorry things turned out like this for you.
We thought we didn’t need to release a new major because it wasn’t actually documented, although there was a few samples around with it.

Did you find any particular issues with cross origin authentication? I mean, apart from having to enable stuff in the dashboard?

@petetnt
Copy link
Contributor

petetnt commented Oct 10, 2017
edited
Loading

Only issue we are running into is mainly echoing https://community.auth0.com/answers/9872/view, I don't think there's any way to develop/test under localhost with the current scheme (with some sort of I understand that this might not be safe nor comformant clause if necessary)?

The undertaking is understandably huge and we ❤️ the work you do at Auth0! And no worries, my confusion today when things stopped working for a while is nothing compared to trying to do these things from scratch myself.

@luisrudge
Copy link
Contributor Author

Thanks for the kind words ❤️

Not sure what you mean about not being able to develop locally. Cross Origin Authentication works just fine locally.

@petetnt
Copy link
Contributor

petetnt commented Oct 10, 2017

Ach, my bad. It seems that it was due to unrelated issues with Delegated Admin not supporting oicd comformancy. Thanks a ton for help!

@luisrudge
Copy link
Contributor Author

no problem. I'm glad you figured it out.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aaguiarz aaguiarz aaguiarz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v10.22.0
Development

Successfully merging this pull request may close these issues.
3 participants
@luisrudge @petetnt @aaguiarz