Enonic version: 6.13.1
There seem to have been some updates with Auth0, and the application isn't working for me. I suspect it is because of this:
We’re continually improving the security of our service. As part of this, we are deprecating a set of APIs (/usernamepassword/login, /ssodata, tokeninfo, /delegation) used by Lock.js v8, v9, and v10 and auth0.js v6, v7, and v8. You should update your applications by April 1, 2018.
more info about the issues
I wanted to try upgrading lock.js to see if this would solve the issues, but I’m not able to build.
FAILURE: Build failed with an exception.
Build file 'C:\Enonic\sourcecode\app-auth0-idprovider\build.gradle' line: 18
* What went wrong:
A problem occurred evaluating root project 'auth0idprovider'.
> Failed to apply plugin [id 'com.enonic.defaults']
> Could not create an instance of type com.enonic.defaults.DefaultsExtension_Decorated.
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output.
Total time: 4.891 secs
Removing apply plugin: 'com.enonic.defaults' from build.gradle resolves the issue, but I’m guessing that is not a good solution?
Thanks for reporting the problem
- Yes, the application is using the v10 and we will migrate the ID Provider.
- The plugin “com.enonic.defaults” is not necessary and will not have any impact on the application.
I will look at the build and see why it fails
- But about your problem. Is your account a new account?
Maybe some legacy endpoints like “Legacy Lock API” are disabled: https://manage.auth0.com/#/tenant/advanced
I will look at it and come back to you with more information
Yes, this is using a new account.
The Legacy Lock API option is not available in my dashboard, which might be related to this being a new account. According to the docs the “Legacy Lock API” option would be disabled by force on April 1, 2018 – so it would only have been temporary.
I get multiple errors, the first one being
as the SSOdata endpoint has been removed.
This leads on to some CORS errors
Even though I have configured “Allowed Origins (CORS)” seemingly correctly. Which is why I think this is a symptom of the first error.
I’ve tried upgrading lock.js, but it seems to need some more work to fix this.
Yes, I tried with a new account & tenant and, as you described, the legacy APIs are not available.
That explains the problems you are experiencing.
But yes, the migration is not as simple as a version upgrade.
There have been many breaking changes for both the front and back ends. And the backend library used seems to not be maintained anymore.
The focus right now is on 6.14, but I am planning to work on the Auth0 migration at the end of next week. We will then release a version 2.0.
Is there any news on the Auth0 app?
Yes. There were higher priority tasks to solve first but we are now working on the migration.
The login is solved but we are still missing the SSO feature and we do not retrieve the full profile as before.
If you want to test the version in development:
I will post in this topic when the final version is released.
Again some unexpected delay. Sorry about that.
But the final version is now released on the market. You can test it.
Compared to the alpha version linked above:
- The SSO has been fixed.
- The user profile retrieved still does not contain all the information that it did before. I can copy a list of the new/remaining/obsolete properties if you need.
- The version 2.0.1 also solves an existing bug (incorrect redirection URL) that appeared with Enonic XP 6.10.
Again, do not forget to fill in the new field “Allowed Web Origins” in your Auth0 Client Settings before upgrading.