Updating to Auth0 lock v.11.0.1 (OIDC conformance) #8

Open
wants to merge 3 commits into
base: master

maxipesfix

Since I wasn't able to make the original example work with Auth0Lock v.9 I updated the code of user-controller.js, Lambda, and Gateway API mapping to be conforming to Auth0Lock v.11.0.1 (OIDC).

Specifically the changes stem from the new API for user profile: /userinfo, which uses accessToken instead of idToken. Therefore I modified the js to pass both idToken and accessToken to Lambda, since idToken is still needed for jwt.

https://auth0.com/docs/api/authentication#user-profile

Maxim Makatchev added 3 commits January 7, 2018 17:42
…API. Passing both idToken and accessToken to AWS, since jwt requires idToken and OIDC conformant GET /userinfo requires accessToken.
…oken is needed for jwt verification and access token to access OIDC conformant Auth0 API /userinfo
@pmrubenrao

Well, the changes done by maxi work like a charm. Thanks!

@corhyam

corhyam commented Mar 20, 2021

@maxipesfix @pmrubenrao Hello, may I ask some questions? I used the code of maxipesfix, but I still could not succeed. I would like to know why. After logging in, both ID token and access token were obtained, but the user-profile still reported a CORS error. I have tried to resolve the issue for weeks, but I have not been able to find a solution.

@pmrubenrao

Can't comment without looking into the code.
Could you share your version?

@corhyam

corhyam commented Mar 20, 2021

@pmrubenrao Thank you for your reply. Please forgive me for my bad English. I'm a student and I do not have deep skills, so I want to follow this book to learn and do some demos. Maybe the book's content is out of date; I'm always in trouble. At first, I followed the progress of the book to study Chapter 5, but I found no way to implement it. Later, I followed the issues to make modifications, but I still could not solve it, as CORS exceptions would always appear.
#9
I saw that you checked the code of maxipesfix, so I forked his code and modified the content of config.js to redeploy it, but it still didn't work.
Both the ID token and the Access token are obtained, but the CORS problem occurs whenever the user-profile button is clicked.
'http://127.0.0.1:8100' has been blocked by CORS policy: Request header field accesstoken is not allowed by Access-Control-Allow-Headers in preflight response.

I tried to test the Lambda function.
curl --header "Authorization: <id_token>"
{"message":"Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=eyJhbGciOi****

Because much of the book's content is out of date, I have been confused for a long time and unable to deal with it, so I take the liberty of asking you questions. Thank you in advance.
https://github.com/maxipesfix/serverless-architectures-aws/tree/master/chapter-5

@pmrubenrao

pmrubenrao commented Mar 21, 2021

I do face these issues while replicating this module.
From what I remember, you need to add the accessToken in the Access-Control-Allow-Headers while enabling CORS in the user-profile API Gateway.
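
The preflight failure discussed in this thread, as an added example that is not code from the pull request or from any participant: a simplified model of the browser's check of requested headers against `Access-Control-Allow-Headers`, with a preflight response that lists `accessToken` by name for one vetted origin. Assumptions: the starting allow-list string is constructed for illustration, the client sends `Authorization` and `accessToken`, and `preflightResponse` is a hypothetical helper using a Lambda proxy-style response shape.

```javascript
// Added example, not code from the PR. Header names compare case-insensitively,
// and browsers lowercase them in Access-Control-Request-Headers ("accesstoken").
const parseList = (value) =>
  (value || '').split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);

// Returns the requested headers that a preflight response would NOT allow.
function blockedHeaders(requested, allowHeadersValue, withCredentials = false) {
  const allowed = new Set(parseList(allowHeadersValue));
  // '*' is a wildcard only for requests made without credentials.
  const wildcard = allowed.has('*') && !withCredentials;
  return requested.map((h) => h.toLowerCase()).filter((h) => {
    if (allowed.has(h)) return false;
    // The wildcard never covers Authorization; it must be listed by name.
    if (wildcard && h !== 'authorization') return false;
    return true;
  });
}

// Hypothetical OPTIONS handler; response shape assumes Lambda proxy integration.
function preflightResponse(origin, allowedOrigins, allowHeaders) {
  if (!allowedOrigins.includes(origin)) return { statusCode: 403, headers: {} };
  return {
    statusCode: 204,
    headers: {
      'Access-Control-Allow-Origin': origin, // echo one vetted origin, not '*'
      'Access-Control-Allow-Methods': 'GET,OPTIONS',
      'Access-Control-Allow-Headers': allowHeaders.join(','),
      Vary: 'Origin',
    },
  };
}

// Assumed starting allow-list (constructed for this example) and the two
// custom headers the thread describes the client sending.
const BEFORE = 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token';
const SENT = ['Authorization', 'accessToken'];
const fixed = preflightResponse('http://127.0.0.1:8100', ['http://127.0.0.1:8100'],
  [...parseList(BEFORE), 'accessToken']);

console.log('before:', blockedHeaders(SENT, BEFORE)); // accesstoken is blocked
console.log('after: ', blockedHeaders(SENT, fixed.headers['Access-Control-Allow-Headers']));
```

Listing the header by name keeps the allow-list narrow; a `*` value would still leave `Authorization` blocked and is ignored as a wildcard on credentialed requests.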

@corhyam

corhyam commented Mar 24, 2021

Thank you so much for solving my problem. I've been trying to make changes in the module again and again, but I've never added accessToken in the header.
