
node-auth0's Introduction

Node.js client library for Auth0

Documentation - Getting Started - API Reference - Feedback

Documentation

  • Docs Site - explore our docs site and learn more about Auth0

Getting Started

Requirements

This library supports the following tooling versions:

  • Node.js: >=18

Installation

Using npm, run the following command in your project directory:

npm install auth0

Configure the SDK

Authentication API Client

This client can be used to access Auth0's Authentication API.

import { AuthenticationClient } from 'auth0';

const auth0 = new AuthenticationClient({
  domain: '{YOUR_ACCOUNT}.auth0.com',
  clientId: '{OPTIONAL_CLIENT_ID}',
  clientSecret: '{OPTIONAL_CLIENT_SECRET}',
});

See more examples.

Management API Client

The Auth0 Management API is meant to be used by back-end servers or trusted parties performing administrative tasks. Generally speaking, anything that can be done through the Auth0 dashboard (and more) can also be done through this API.

Initialize your client class with a client ID, client secret and a domain.

import { ManagementClient } from 'auth0';

var management = new ManagementClient({
  domain: '{YOUR_TENANT_AND_REGION}.auth0.com',
  clientId: '{YOUR_CLIENT_ID}',
  clientSecret: '{YOUR_CLIENT_SECRET}',
});

Or, initialize your client class with an API v2 token and a domain.

import { ManagementClient } from 'auth0';

var management = new ManagementClient({
  domain: '{YOUR_TENANT_AND_REGION}.auth0.com',
  token: '{YOUR_API_V2_TOKEN}',
});

See more examples.

API Reference

Feedback

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please see the following:

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

Vulnerability Reporting

Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

What is Auth0?


Auth0 is an easy-to-implement, adaptable authentication and authorization platform. To learn more, check out Why Auth0?

This project is licensed under the MIT license. See the LICENSE file for more info.

node-auth0's People

Contributors

adamjmcgrath, annyv2, chenkie, cocojoe, crigot, damieng, davidpatrick, dependabot-preview[bot], dependabot[bot], dschenkelman, evansims, floppy, frederikprijck, gyaneshgouraw-okta, hzalaz, jfromaniello, jimmyjames, joshcanhelp, lbalmaceda, luisrudge, mgonto, ngonzalvez, ntotten, orangain, pose, siacomuzzi, snyk-bot, stevezau, vmartynets, wbhob


node-auth0's Issues

Wrap all calls to Node specific env

Some parts of the code try to access process.version, which is not defined in a browser (or React Native) environment, so we need to check if it's defined first.

Also, the library rest-facade makes the following requirement, require('url');, which won't be available outside a Node env; not sure how to fix this properly though.

Reset password method

Hello. In the current version, a method for password reset is not implemented.
I debugged the reset page from the email and found the lo/reset request; it can be used for a custom reset page.
Why is it not included in the library?

nodejs api example outdated dependencies

  • body-parser 1.10.2 -> 1.15.0
  • cookie-parser 1.3.5 -> 1.4.1
  • debug 2.1.3 -> 2.2.0
  • express 4.11.2 -> 4.13.4
  • jade 1.9.2 -> 1.11.0
  • morgan 1.5.3 -> 1.7.0
  • serve-favicon 2.2.1 -> 2.3.0

Docs link?

I know I've seen a node-specific docs page for the Management API before. I can't find it now. Is it in the Readme somewhere?

LICENSE?

you need the license text for the MIT license

Handle errors when body has error+error_description

Maybe we should put this logic inside ApiError, to use like this return done(new ApiError(body)).

if (r.statusCode.toString()[0] !== '2') {
  var message = body.detail || body.error_description || body;
  var apiError = new ApiError(message, r.statusCode);
  apiError.code = body.error;
  return done(apiError);
}

docs fail to build

21 error Tell the author that this fails on your system:
21 error jsdoc src/*/.js -d docs -t node_modules/latodoc -R README.md

Query params are not being processed in v2

A user brought this bug to my attention, it seems in the most recent v2 branch that passing parameters through auth0.getUsers does not work.

Even using the example in the documentation does not work:

// Pagination settings.
var params = {
  per_page: 10,
  page: 2
};

// Using auth0 instance.
auth0.getUsers(params, function (err, users) {
  console.log(users.length);
});

It will always return a list of every user, no matter the parameters requested.

The user did some debugging and this is where he thinks the issue resides:

Inside rest-facade's Client.js file you will find the following request prototype function.

A careful reading of this function will show that unless this.options.query.convertCase is populated, no query params will ever be provided to the request:

Client.prototype.request = function (options, params, callback) {
  var headers = this.options.headers || {};
  var selectedCase = this.options.query.convertCase;
  var queryParams = {};
  var convertCase = null;
  var newKey = null;
  var value = null;

  // If the user specified a conversion case (e.g. 'snakeCase') convert all the
  // query string params names to the given case.
  if (selectedCase) {
    convertCase = changeCase[selectedCase];

    for (var prevKey in params) {
      newKey = convertCase(prevKey);
      value = params[prevKey];

      // If the repeatParams flag is set to false, encode arrays in
      // the querystring as comma separated values.
      // e.g. ?a=1,2,3
      if (Array.isArray(value) && !this.options.query.repeatParams) {
        value = value.join(',');
      }

      queryParams[newKey] = value;
    }
  }

  var promise = new Promise(function (resolve, reject) {
    var method = options.method.toLowerCase();

    // Set methods and attach the body of the request (if this is a POST request).
    var req = request[method](options.url).send(options.data);

    // Add request headers.
    for (var header in headers) {
      req = req.set(header, headers[header]);
    }

    // Add all the given parameters to the querystring.
    req = req.query(queryParams);

    // Send the request.
    req
      .set('Accept', 'application/json')
      .end(function (err, res) {
        return err ? reject(err) : resolve(res.body);
      });
  });

Inside the auth0 files, each endpoint sets their own options, but none
of them include convertCase, so the code to include the query params
is never executed inside the function above.

(actually, as near as I can tell, the only options that are even
respected are the ones set in TicketsManager.js, because that is the
last one setup in Auth0.js. Not 100% sure why it behaves this way)

I recognize that I could be wrong about all this, but by adding the
option in question to TicketsManager.js, I am able to have my query
parameters respected.

var TicketsManager = function (options){
  var clientOptions = {
    headers: options.headers,
    query: { repeatParams: true, convertCase: 'snakeCase' }
  };

Zendesk Ticket: https://auth0.zendesk.com/agent/tickets/3851
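
The behaviour described in this report, as an added example that is not rest-facade's or node-auth0's code: the reported parameter handling next to a version that copies every parameter and converts key case only when a converter is configured. `buildQueryParamsReported`, `buildQueryParams` and the inline `snakeCase` converter are hypothetical names; the converter stands in for the `changeCase` module the excerpt uses.

```javascript
// Added example: hypothetical helpers, not part of rest-facade or node-auth0.
// Minimal camelCase -> snake_case converter standing in for `changeCase`.
const caseConverters = new Map([
  ['snakeCase', (key) => key.replace(/([a-z0-9])([A-Z])/g, '$1_$2').toLowerCase()],
]);

// Behaviour reported above: params are only copied inside the
// `if (selectedCase)` branch, so without convertCase nothing is sent.
function buildQueryParamsReported(params, queryOptions = {}) {
  const queryParams = {};
  const convertCase = caseConverters.get(queryOptions.convertCase);
  if (convertCase) {
    for (const key of Object.keys(params)) {
      queryParams[convertCase(key)] = params[key];
    }
  }
  return queryParams;
}

// Corrected: always copy, and convert the key only when a converter is set.
function buildQueryParams(params = {}, queryOptions = {}) {
  const queryParams = {};
  const convertCase = caseConverters.get(queryOptions.convertCase) || ((key) => key);
  for (const key of Object.keys(params)) {
    let value = params[key];
    if (value === undefined || value === null) continue; // skip unset values
    // With repeatParams false, arrays become comma separated (?a=1,2,3).
    if (Array.isArray(value) && !queryOptions.repeatParams) {
      value = value.join(',');
    }
    queryParams[convertCase(key)] = value;
  }
  return queryParams;
}
```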

Remove the examples directory from this repository

Read carefully.

Remove the examples directory from this repository because it is completely unrelated to this project:

  • examples/nodejs-regular-webapp is a passport-auth0 example, so it should go straight to the examples directory of passport-auth0.
  • examples/nodejs-api is an express-jwt example, but because this is a general purpose library and not only for auth0, move to express-jwt/examples/auth0.

Modify the example packager/seed project/docs etc with the new links.

Errors returned are not valid json

When creating a user via the management API the returned error object is not valid JSON.

authManager.createUser(data, function(err, responseData) {
  JSON.parse(err);
});

Printing the error object returns this

{ [Bad Request: The user already exists.]
name: 'Bad Request',
message: 'The user already exists.',
statusCode: 400 }

Any idea why the error object can't be parsed?

Thanks.

Missing dependency in Relay API

Relay API seed project requires dotenv to work when downloaded from Auth0.com, so it should be included in the package.json file

getUserMetadata, patchUserMetadata and updateUserMetadata set the app_metadata

It's not noticeable, but by doing

api.patchUserMetadata(req.user.id, {pilot: true}, function(err) {
  console.log(err);
});

api.updateUserMetadata(req.user.id, {pilot: true}, function(err, user) {
  console.log(err, user);
});

api.getUserMetadata(req.user.id, function(err, metadata) {
  console.log(err, metadata);
});

You're actually setting, patching and retrieving the app metadata, the functionality keeps untouched but it's quite confusing because by using the API directly via the https://auth0.com/docs/api/v2#!/Users/patch_users_by_id when you set the user_metadata, you actually set the user metadata; so it seems to be a mismatch.

Should be a simple fix.

Bad HTTP authentication header format

setup:

const auth0ManagementClient = new ManagementClient({
  domain: auth0.account,
  token: auth0.clientId
});
const updateRes = await auth0ManagementClient.users.updateUserMetadata(params, metadata);

headers:

   { Authorization: 'Bearer w3mBrhiXGsZZZZZZZpAz2bS6VzLhOyJ',
     'User-agent': 'node.js/6.3.0',
     'Content-Type': 'application/json' }

stack trace:

at Client.request (/Users/mk/Code/action2/node_modules/rest-facade/src/Client.js:250:17)
      at Client.patch (/Users/mk/Code/action2/node_modules/rest-facade/src/Client.js:150:15)
      at UsersManager.updateUserMetadata (/Users/mk/Code/action2/node_modules/auth0/src/management/UsersManager.js:211:21)

response:

name: 'Bad Request',
message: 'Bad HTTP authentication header format',
statusCode: 400 

Error messages are not descriptive

The error objects returned by the Node SDK seem to have less information than what is returned when calling the Authentication API directly.

How to reproduce:
Call Authentication API's /dbconnections/signup endpoint via Postman with an email that already exists in DB. The API responds with the following error:
{name: 'BadRequestError', code: 'user_exists', description: 'The user already exists', statusCode: 400}
Now perform this operation with Node SDK using same data. (Call auth0.database.signUp() where auth0 is an instance of AuthenticationClient). SDK returns following error:
{[BadRequestError] name: 'BadRequestError', message: undefined, statusCode: 400 }

Expected result:
The error message returned by SDK should contain all error information that the API returns. For example:
{[BadRequestError] name: 'BadRequestError', code: 'user_exists', description: 'The user already exists', statusCode: 400 }

This was reported by a customer: https://auth0.zendesk.com/agent/tickets/11110
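
One way to carry every field of the API's error body into the error object, covering both this report and the earlier "Handle errors when body has error+error_description" report. This is an added example, not the SDK's ApiError: `ApiResponseError` and `errorFromResponse` are hypothetical names, and the body keys handled are the ones quoted in the two reports.

```javascript
// Added example: hypothetical error class, not the SDK's ApiError.
class ApiResponseError extends Error {
  constructor(body, statusCode) {
    const fields = body !== null && typeof body === 'object' ? body : {};
    // The error bodies quoted in the reports use different keys for the text.
    const message =
      fields.detail ||
      fields.error_description ||
      fields.description ||
      fields.message ||
      (typeof body === 'string' && body) ||
      'Unknown API error';
    super(String(message));
    this.name = fields.name || 'ApiError';
    this.code = fields.code || fields.error; // machine-readable identifier
    this.statusCode = statusCode || fields.statusCode;
  }

  // Error#message is not enumerable, so JSON.stringify(err) would drop it
  // unless the error defines its own serialization.
  toJSON() {
    return {
      name: this.name,
      code: this.code,
      message: this.message,
      statusCode: this.statusCode,
    };
  }
}

// Mirrors the status check quoted in the earlier report: any non-2xx
// response becomes an error that keeps the body's code and description.
function errorFromResponse(statusCode, body) {
  if (String(statusCode)[0] === '2') return null;
  return new ApiResponseError(body, statusCode);
}
```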

Unable to use getUserMetadata (gets 404)

When I try to do:

  api.getUserMetadata('auth0|xyz', function(err, metadata) {
     ...
  })

I get this error:

{ [ApiError: Not Found] name: 'ApiError', statusCode: 404, code: undefined }

I can use patchUserMetadata but I'm not able to get the metadata.

Get user data after user create callback

Hi, I am currently using node-auth0 and find it difficult to get the user info in the user create callback:

UsersManager.prototype.create = function (data, cb) {
  if (cb && cb instanceof Function) {
    return this.users.create(data, cb);
  }
  return this.users.create(data);
};

How could I get the created user info in the cb? Thx a lot.

Error trying to use api.createUser(userData, callback) for connection:sms (passwordless)

Using node-auth 0.8.2

I may be using this method incorrectly but tried to follow the parameters mentioned in Passwordless Connections for the /users POST endpoint and I keep getting passed an error object with this message to my callback :

 ApiError: User must have one of the following identifier fields: user_id | _id | id

More details:

  • The SMS is being sent via Twilio and my phone received the verification code generated by Auth0, so the Twilio connection is correctly configured on Auth0 connections.
  • The user is not listed on Auth0 Dashboard for the app.
  • Even if I pass an attribute user_id, id, or _id on the userParams to api.createUser this error keeps coming with the same message.

The call to api.createUser is being made like this:

    // api = new Auth0({.....})
    api.createUser({
      connection: "sms",
      email_verified: false,
      phone_number: "+541155555555"
    }, function(err, user) {
      if (err) {
        var errorstring = util.format("Error creating user : %s", err.toString());
        return res.status(500).json({
          message: errorstring
        });
      }
      res.json(user);
    });

This only supports v1 of the API, how do I use v2?

I'll fall back to making REST calls myself, but it's really not clear anywhere in the documentation or the package on npm that this only works on v1 of the API.

Is there another project for v2? Is there a plan to have one?

getDelegationToken doesn't allow for usage of the refresh_token

At the moment the implementation of the getDelegationToken only allows for retrieving a new token using the old token. Though the Auth0 API also offers the possibility to get a new token using the refresh token, which one might get if the scope 'offline_access' is being used.

On top of that, the target is required, even though you don't always want to specify another target. Also the Auth0 API documentation allows for not specifying a target ('none' in the dropdown).

I've created a fork in which I've fixed these two issues. I can create a pull request for this, just let me know.

Link / unlink?

It doesn't appear that the link/unlink methods are available via this API. Will they be added?

Need rate limiting info returned by SDK

SDK should return the info that Auth0 returns on HTTP headers about rate limiting, so calling program can dynamically adjust the rate at which it makes subsequent API calls (that are rate limited)

Here is the documentation on what programs are supposed to do:
https://auth0.com/docs/rate-limits

SDK should return the info to enable that.
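
What a caller could do with that information once it is exposed, as an added example that is not SDK code: parse the rate-limit response headers and derive a wait time. `parseRateLimit` and `delayBeforeNextCall` are hypothetical names, the header names are the ones Auth0's rate-limit documentation describes (`x-ratelimit-reset` is a UNIX timestamp in seconds), and the pacing policy and the 60-second cap are assumptions of this sketch.

```javascript
// Added example: hypothetical helpers, not part of the SDK.
function parseRateLimit(headers) {
  const lower = {};
  for (const [name, value] of Object.entries(headers || {})) {
    lower[name.toLowerCase()] = value; // header names are case-insensitive
  }
  const num = (name) => {
    const n = Number.parseInt(lower[name], 10);
    return Number.isFinite(n) && n >= 0 ? n : null; // missing or malformed
  };
  const reset = num('x-ratelimit-reset');
  return {
    limit: num('x-ratelimit-limit'),
    remaining: num('x-ratelimit-remaining'),
    resetAtMs: reset === null ? null : reset * 1000,
  };
}

// Milliseconds to wait before the next call. Waits for the window to reset
// after a 429 or when no requests remain; otherwise spreads the remaining
// budget evenly over the time left. The cap guards against a bogus reset
// value stalling the caller indefinitely.
function delayBeforeNextCall(info, nowMs, statusCode, maxDelayMs = 60000) {
  if (info.resetAtMs === null || info.remaining === null) {
    return statusCode === 429 ? 1000 : 0; // no usable headers: fixed fallback
  }
  const untilReset = Math.max(0, info.resetAtMs - nowMs);
  if (statusCode === 429 || info.remaining === 0) {
    return Math.min(untilReset, maxDelayMs);
  }
  return Math.min(Math.floor(untilReset / info.remaining), maxDelayMs);
}
```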

Save token to be used on the upcoming requests

Currently, if a client is created with clientSecret and clientID, the access token is not saved. So, for each of the API calls a new token is retrieved.

This can be improved by saving the access token and continuing to use it until it expires instead of requesting a new one each time.
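
The caching this report asks for, as an added example that is not the SDK's implementation: the token is kept in memory until shortly before it expires, concurrent callers share one in-flight request, and failures are never cached. `CachedTokenProvider` is a hypothetical name, and `fetchToken` is an assumed async function that performs the client-credentials request and resolves to `{ access_token, expires_in }`.

```javascript
// Added example: hypothetical cache, not the SDK's implementation.
class CachedTokenProvider {
  constructor(fetchToken, { skewSeconds = 60, now = () => Date.now() } = {}) {
    this.fetchToken = fetchToken;
    this.skewMs = skewSeconds * 1000; // refresh this long before expiry
    this.now = now;
    this.token = null; // held in memory only, never written to disk or logs
    this.expiresAtMs = 0;
    this.pending = null; // in-flight request shared by concurrent callers
  }

  isFresh() {
    return this.token !== null && this.now() < this.expiresAtMs - this.skewMs;
  }

  async getAccessToken() {
    if (this.isFresh()) return this.token;
    if (!this.pending) {
      this.pending = this.fetchToken()
        .then((res) => {
          if (!res || typeof res.access_token !== 'string' || !(res.expires_in > 0)) {
            throw new Error('token response missing access_token or expires_in');
          }
          this.token = res.access_token;
          this.expiresAtMs = this.now() + res.expires_in * 1000;
          return this.token;
        })
        .finally(() => {
          this.pending = null; // a failed request is retried on the next call
        });
    }
    return this.pending;
  }

  // Call after a 401 so a revoked token is not reused until its expiry time.
  invalidate() {
    this.token = null;
    this.expiresAtMs = 0;
  }
}
```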

Missing step

Web app seed project readme is missing an instruction, tell the user to run "npm install"

Increase readme clarity (refer to examples)

It took me a couple of minutes to figure out that there is no readme-like documentation on the API. I remembered reading docs on how to create a user through the node API only a couple of days ago, but it seems the recent updates have changed things around. That's no biggie, but perhaps you could explicitly refer users to the examples until proper docs are written.

Btw, I know you have a link to the examples in the readme, but I was explicitly looking for docs since I remembered reading those.

Any specific reason change password api is split into two methods?

Change Password API has an optional password parameter. If given, auth0 sets user password to this provided password after user clicks on the link received in email. If not given, user clicks on the email received, enters his new password and then auth0 updates user password to this new password.

Nodejs sdk changePassword API password input is mandatory though. There is a separate method requestChangePasswordEmail to let user reset password after clicking link in received email.

Is there any specific reason for doing this way? Seems not consistent with the API docs and behavior of auth0 server.

Update Node API Example

Seed project uses express 3, it should be updated to use express 4.
Seed project uses deprecated version of express-jwt, should be updated to latest version (currently 3.3.0)

getUsers is forced to be serial

I was trying to use a parallel job to grab pages of users, it turns out you can't send in a page number option as I would have expected because it just gets removed in favor of "nextPageLink". I want to be able to grab page number X as I would have expected from the API docs https://auth0.com/docs/api/v2#!/Users/get_users.

lib/api.js

api.getUsers = function(accessToken, options, done) {
...
    if(options.page){
      nextPageLink = options.page;
      delete options.page;
    }

getUsers is double encoding the "q" parameter

When specifying a query using the "q" parameter to getUsers (along with search_engine: "v2"), I am getting back all results instead of the results I expect according to the q value. After tracing through exactly what URL is being requested, I believe the problem is due to this commit:

eeb8b21

The "q" parameter is being encoded here, but further down the line the params object is being passed to qs.stringify, which encodes it again.

If I remove the three lines of code that encode "q" I get the results I expect.
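
The double encoding described in this report, reproduced as an added example that is not the library's code: a value encoded once by hand and again by the query-string serializer reaches the server still percent-encoded after one decode. `URLSearchParams` stands in for the `qs.stringify` call named above, the function names are hypothetical, and the search string is constructed.

```javascript
// Added example: hypothetical helpers, not part of node-auth0.
// Builds the query string; preEncodeQ reproduces the extra encoding step
// applied to "q" before the serializer encodes the whole object again.
function buildUsersQuery(params, { preEncodeQ = false } = {}) {
  const copy = { ...params };
  if (preEncodeQ && typeof copy.q === 'string') {
    copy.q = encodeURIComponent(copy.q);
  }
  return new URLSearchParams(copy).toString();
}

// The value a server sees for "q" after decoding the query string once.
function decodedOnce(queryString) {
  return new URLSearchParams(queryString).get('q');
}

// Compares the intended search term with what arrives in both variants.
function compareEncodings(params) {
  const single = buildUsersQuery(params);
  const double = buildUsersQuery(params, { preEncodeQ: true });
  return {
    single,
    double,
    singleArrivesIntact: decodedOnce(single) === params.q,
    doubleArrivesIntact: decodedOnce(double) === params.q,
    doubleArrivesAs: decodedOnce(double),
  };
}

// Constructed sample input.
const sampleSearch = { q: 'email:"jane@example.com"', search_engine: 'v2' };
```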

impersonate call in v2 doesn't seem to work

I tried to call the impersonate call in the v2 branch and I always get a 401. Looking at the code and at the documentation, it looks like it is missing the Bearer header.
