38786 (7) [Avatar] Offline
Once I had Auth0 configured I ran into a couple problems getting the authentication to work. I tried getting this working with Google, other providers may work differently.

1) The first issue involved an error message in the console about Access-Control-Allow-Origin. If you search Auth0 they punt and say its a google issue and give you a link to stackoverflow. https://stackoverflow.com/questions/28547288/no-access-control-allow-origin-header-is-present-on-the-requested-resource-err
Fixed this by editing my host file to have a domain name instead of localhost or in my URL. Be sure you change you update Auth0 configuration for your client / default app to allow your url plus port number the allowed callback URLs and Allowed Web Origins fields otherwise it will continue to fail.

2) Once the above was fixed I tried logging in and I'd get the Auth0 login UI say there was an error and an alert telling me the same thing. When I looked in the logs in Auth0, they were claiming that the login was successful. I messed around in the code provided for the user-controller to print out some extra information where the error was happening. I was able to get a stack trace with something in lock9 - I tried to debug a bit in there, but it was pretty clear that by the time I hit a debug point it was deep into some error handling code and not too happy about it and basically had very little useful information.

I searched for Auth0 lock 9 and found the documentation on it https://auth0.com/docs/libraries/lock/v9. It immediately tells you that v9 is deprecated and you should switch to v11 immediately. In index.html I changed the lock script refernce to https://cdn.auth0.com/js/lock/11.3.1/lock.min.js and was able to log in via the Auth0 UI widget. I also confirmed in the logs on Auth0.com that it was a successful login.

This sounds great, but its not all roses - there is a pretty significant change to the way the code in lock 10 and 11 works vs v9. Even though I was able to log in successfully, none of the updates to the UI were being triggered. The login button isn't hidden, the logout button isn't shown, name and profile pic aren't shown etc. Essentially it looks like most of user-controller.js needs to be rewritten to use lock 11. The upside is that there seems to be some good documentation for this here https://auth0.com/docs/libraries/lock/v11

I haven't done this step yet and haven't moved past 5.2.6 yet so I don't know if this is a viable solution for future work. If I get a working user-controller.js that seems viable for lock 11 and the exercises moving forward I'll post it here.

I am really not enjoying using Auth0 and if it continues to be an out of date PITA I am going to be pretty frustrated and annoyed - I'm talking to you Manning and Sbarski. I wanted to do some learning on AWS Serverless and I'm doing more stuff with other technologies and their struggles than with what I wanted - that is crap and doesn't make me excited to buy another Manning book or another Sbarski book.</rant>
38786 (7) [Avatar] Offline
Here is the user-controller I created to use for the rest of the book. You'll need to set an "audience" on line 34 to get JWT tokens back from Auth0. I never was able to get the Delegation Tokens in section 5.4 working, I think it might have been an issue with the API / client setup in Auth 0. Auth 0 was returning RS256 JWT tokens when I needed HS256 signed tokens to make things work with the code in the book and on AWS. After many hours of trying to debug that functionality I decided it wasn't worth the continued waste of time and moved on without that functionality.

There are log statements that are turned on in the controller that should give a bit more information about what is going on in case you are having trouble with the authentication.

Hopefully the controller is helpful if you are blocked here.