auth0

Java - Auth0 JWT Verification - Is this correct?

元气小坏坏 submitted on 2020-05-11 07:14:10
Question: I'm setting up a REST API with Auth0 as the authentication service. Everything is working but my confidence has been a bit shaken after a rather strange occurrence. My implementation is based on the sample code here (The RS256 section) and here. The only modification being that I cast the PublicKey to an RSAPublicKey. The issue is that I wanted to be positive that the verification would fail on a bad signature. I changed the signature's last character (we'll say "x") and the token still

Use Vue.js plugin in js service module

风格不统一 submitted on 2020-04-17 20:29:31
Question: I am creating an $auth plugin that works fine from the component using this.$auth main.js import { Auth0Plugin } from "./auth"; Vue.use(Auth0Plugin, { domain: process.env.VUE_APP_AUTH0_DOMAIN, clientId: process.env.VUE_APP_AUTH0_CLIENT_ID, audience: process.env.VUE_APP_AUTH0_AUDIENCE, onRedirectCallback: () => { router.push("/signed-in"); } }); auth/index.js import Vue from "vue"; import createAuth0Client from "@auth0/auth0-spa-js"; /** Define a default action to perform after authentication

How to test single page application with Cypress and Auth0

老子叫甜甜 submitted on 2020-03-25 18:59:41
Question: I am having a single page application hidden behind Auth0 lock, using @auth0/auth0-spa-js. I would like to test it using Cypress, so I have decided to follow the official Auth0 blog post, as well as Johnny Reilly's blog post. I am able to successfully retrieve a valid JWT token from auth0 using the suggested request. I have no idea what to do with it :( The trouble I am facing is that both of the above approaches are relying on the app to store the JWT token locally (either in cookie or localstorage)

Typescript variable being used before assigned

早过忘川 submitted on 2020-02-25 05:41:26
Question: As per instructions followed here, I'm trying to cache my endpoint URL and token from Auth0 before constructing my Apollo client: import React from 'react'; import { ApolloClient, ApolloProvider, from, HttpLink, InMemoryCache } from '@apollo/client'; import { setContext } from '@apollo/link-context'; import { useAuth0 } from './auth/AuthContext'; const App: React.FC = () => { const { isLoading, getTokenSilently, getIdTokenClaims } = useAuth0(); if (isLoading) return <Loader />; let endpoint:

Typescript variable being used before assigned

家住魔仙堡 submitted on 2020-02-25 05:40:05
Question: As per instructions followed here, I'm trying to cache my endpoint URL and token from Auth0 before constructing my Apollo client: import React from 'react'; import { ApolloClient, ApolloProvider, from, HttpLink, InMemoryCache } from '@apollo/client'; import { setContext } from '@apollo/link-context'; import { useAuth0 } from './auth/AuthContext'; const App: React.FC = () => { const { isLoading, getTokenSilently, getIdTokenClaims } = useAuth0(); if (isLoading) return <Loader />; let endpoint:

How to login in Auth0 in an E2E test with Cypress?

邮差的信 submitted on 2020-02-03 03:46:26
Question: I have started testing a react webapp but I didn't go far because I had issues with the login. I am using the cypress e2e testing tool. A welcome page is shown with a button to login, which will redirect you to the auth0 service. The user logs in with email and password, then is redirected back to the webapp with a token. I tried many different approaches, each of them resulting in a different problem. Note: I don't want to test Auth0, I just want to enter in my webapp. Attempt 1. Clicking on login button

AWS Cognito and CORS Security Concern

六月ゝ 毕业季﹏ submitted on 2020-02-03 02:11:34
Question: I have a web client making requests to AWS Lambda via the AWS API Gateway. I'm using AWS Cognito, alongside Auth0, to authenticate users. My question is related to the CORS response headers from the AWS API Gateway endpoint, specifically the Access-Control-Allow-Origin response header that is set to any "' * '". This article indicates the risks of using the any "' * '" parameter, namely that a 'hacker can coopt our site to request any method' on our back-end: (CORS Security link). While

CompactToken parsing failed with error code: 80049217 when using passport library to access Microsoft Graph API

狂风中的少年 submitted on 2020-01-25 09:25:07
Question: I am using 'passport-azure-ad-oauth2' npm module, to get an access token, which I could then pass to the MS Graph API. passport.use(new AzureAdOAuth2Strategy({ clientID: process.env.OUTLOOK_CLIENT_ID, clientSecret: process.env.OUTLOOK_SECRET, callbackURL: '/auth/outlook/callback', }, function (accesstoken: any, refresh_token: any, params: any, profile, done) { logger.info('Completed azure sign in for : ' + JSON.stringify(profile)); logger.info('Parameters returned: ' + JSON.stringify(params))

Electron Auth0Lock “Origin file:// not allowed”

六眼飞鱼酱① submitted on 2020-01-24 11:33:14
Question: Trying to get auth0 working with my electron app. When I follow the default tutorial and try to authenticate with Username-Password-Authentication, the lock fails with a 403 error and responds with "Origin file:// is not allowed". I've also added "file://*" to the Allowed Origins (CORS) section of my client settings in the auth0 dashboard. Auth0 Lock with console errors Origin file:// is not allowed EDIT: Lock setup in electron var lock = new Auth0Lock( 'McQ0ls5GmkJRC1slHwNQ0585MJknnK0L',

How to persist Auth0 login status in browser for React SPA

非 Y 不嫁゛ submitted on 2020-01-24 10:03:12
Question: Currently when I create my routes, I check an Auth0 method - isAuthenticated() - to determine whether or not to return a protected page or redirect to login. However, this state only exists in memory and does not keep a user on their page upon browser refresh and I would like to do so. This is a React/RR4/React Context app and my Auth0 methods are listed in Auth.js (below). It is highly inadvisable to store login state in localStorage. And if I store my Auth0 tokens in cookies, I'm not sure