auth0

问题 When we're building our Angular SPA for localhost it works perfectly. On our dev environment, this error creeps into the DevTool console and breaks everything: ERROR Error: Uncaught (in promise): TypeError: Cannot read property 'digest' of undefined TypeError: Cannot read property 'digest' of undefined at N (auth0-spa-js.production.js:1) at ie.<anonymous> (auth0-spa-js.production.js:1) at Generator.next (<anonymous>) at auth0-spa-js.production.js:1 at new ZoneAwarePromise (zone-evergreen.js

问题 I am developing an ASP .Net Core 1.1 MVC web app which calls a web API using the "Authorization Code Grant Flow". I am using Auth0 for the authentication server. Following the Auth0 tutorials, at the point the user has successfully logged in to the web app, and now does something that makes the web app call upon the web api, it says I should get the access token as follows: public async Task<IActionResult> Index() { string accessToken = User.Claims.FirstOrDefault("access_token")?.Value; if

问题 I am trying to implement Auth0 JWT-based authentication in my Django REST API using the django-rest-framework. I know that there is a JWT library available for the REST framework, and I have tried using it because the official Auth0 twitter account mentioned that it should work well with auth0 + Django. EDIT : I am using the official auth0 python api guide for this code. It's written for flask, but I figured I could just port it to Django seeing as they work similarly. Now, that didn't work

问题 I'm currently using Auth0 (and an Angular 2 GUI), which sends a header of the type "x-xsrf-token" in the request to a Spring Boot API. I get the error: "XMLHttpRequest cannot load http://localhost:3001/ping. Request header field x-xsrf-token is not allowed by Access-Control-Allow-Headers in preflight response." This is fair enough as the list of Access-Control-Response-Headers in Response Headers does not include x-xsrf-token (when debugging the request in the network tab in Chrome). I have

问题 Auth0 provide extensive list of resources describing best practices for the authentication. Among them there's a constant stream of advice not to use localStorage as a mean to store (JWT) tokens. https://auth0.com/docs/security/store-tokens#don-t-store-tokens-in-local-storage https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/HTML5_Security_Cheat_Sheet.md#local-storage https://github.com/auth0/docs/issues?utf8=%E2%9C%93&q=localstorage I've found several issues with those points

问题 I'm developing an application in ASP.NET Core 2.1, and running it on a Kubernetes cluster. I've implemented authentication using OpenIDConnect, using Auth0 as my provider. This all works fine. Actions or controllers marked with the [Authorize] attribute redirect anonymous user to the identity provider, they log in, redirects back, and Bob's your uncle. The problems start occurring when I scale my deployment to 2 or more containers. When a user visits the application, they log in, and

问题 After updating the Auth0 login sample to use HashLocationStrategy in app.module.ts : import { LocationStrategy, HashLocationStrategy } from '@angular/common'; // (...) @NgModule({ providers: [ {provide: LocationStrategy, useClass: HashLocationStrategy}, appRoutingProviders, AUTH_PROVIDERS ], //(...) The Auth0 Lock authenticated event is not raised anymore: import { Injectable } from '@angular/core'; import { tokenNotExpired } from 'angular2-jwt'; // Avoid name not found warnings declare var

问题 I am looking to use Auth0 as the authentication provider for ServiceStack. There is a great sample application documented at Auth0 which applies & works well when working with ServiceStack and using ServiceStack.Host.MVC: https://auth0.com/docs/quickstart/webapp/servicestack/01-login. However, I am at a loss how to construct the authorization URL and redirect the user to that URL in a scenario where I am NOT using MVC & the AccountController to redirect the user. How can I construct the

问题 We currently user AuthO as a platform to allow for google login and sign up on our site, but I want to start using the google one tap login https://developers.google.com/identity/one-tap/web/overview Is there a way for us to be able to set up the one tap log in while continuing to use Auth0 as a platform? The idea is to not have an external connection into google's identity and login/sign up features outside of our standard infrastructure. 回答1: Came across this looking for the same answer,

问题 I use an authentication service Auth0 to allow users to log into my application. The application is a Q&A platform much like stackoverflow. I store a user profile on my server with information such as: 'about me', votes, preferences, etc. When new user signs in i need to do 1 of 2 things: For an existing user - retrieve the user profile from my api server For a new user - create a new profile on the database After the user signs in, Auth0(the authentication service) will send me some details