-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
auth0.refreshToken() is gone #15
Comments
It looks like But it seems to need a callback URL which involves loading the Ionic SPA in an iframe and communicating back to the main frame:
I'm not sure how best to proceed... When the Ionic/Auth0 JS code runs on the mobile device it's host will be So you'd need to have a webserver running that can serve the callback page used by With this new API I don't see how it can all be handled on the local device without loading the entire Ionic App again in the iframe. I'm still wrapping my head around this and would love any suggestions. |
@saschwarz - I ran into the exact same concern. Ionic is primarily a hybrid mobile app tech, but can be used as pure web too. In my case we want the same code to be used for both. So for refresh tokens on devices we're just hitting the Auth0 https://auth0.com/forum/t/ionic-2-quickstart-old-auth0-dependencies/5688 |
@brassier thanks a lot for the feedback! I went through the links in that discussion and it seems I can't use the auth0 v8 API directly. IIUC you're saying I should use I found the API docs for it: https://auth0.com/docs/api/authentication?http#delegation In this scenario do I only need to provide This seems to imply so (and adds |
I'm no expert on this, but your take on it is similar to mine. Just use HTTP to hit this delegation endpoint. Likely not the most secure of options, but it may be the best option for now. The inputs you mention are the same as what I'm requesting, except that I also request a |
I would love to see the Cordova SDK expanded to include the refresh token to avoid confusion. Switching back between the Cordova SDK, auth0.js, and the API is incredibly confusing and wastes a lot of investigation time when you don't realize that certain parts of the SDKs are missing and calls in auth-0.js aren't appropriate for mobile app scenarios - but the auth0.js SDK is included in the example! |
We found that the suggested Ionic and Auth0 integration changed quite a bit since this issue was opened, likely due to the Auth0 OIDC conformant push. We are no longer doing refresh tokens on the web side, only on the native side (for security reasons). We are also doing PKCE for native via the Auth0 cordova sdk, and a SPA workflow for pure-web. We effectively have two different authentication approaches in the same app: 1 for web, 1 for native. Seems to work fine though, and likely more secure than the other approach. For documentation, the Cordova/PKCE approach is documented in the latest ionic quickstart. A web version can be found by looking at the Angular 2 quickstart. |
This code no longer TS compiles due to the change in the Auth0 API that removed the
refreshToken
method:https://github.com/auth0-samples/auth0-ionic2-samples/blob/master/01-Login/src/services/auth/auth.service.ts#L158
Is there an example of using
auth-0.js
to background refresh a token like this sample did? I've looked through the other samples and haven't found it yet.The text was updated successfully, but these errors were encountered: