Merge pull request #794 from auth0/fix-webapi

Bring back support for get profile in default mode

package.json

@@ -80,15 +80,16 @@
     "auth0-js": "8.0.4",
     "blueimp-md5": "2.3.1",
     "fbjs": "^0.3.1",
+    "idtoken-verifier": "^1.0.1",
     "immutable": "^3.7.3",
     "jsonp": "^0.2.0",
     "password-sheriff": "^1.0.0",
     "react": "^15.0.0 || ^16.0.0",
     "react-addons-css-transition-group": "^15.0.0 || ^16.0.0",
     "react-dom": "^15.0.0 || ^16.0.0",
+    "superagent": "^3.3.1",
     "trim": "0.0.1",
-    "url-join": "^1.1.0",
-    "idtoken-verifier": "^1.0.1"
+    "url-join": "^1.1.0"
   },
   "cdn-component": {
     "name": "lock",

src/core/web_api.js

@@ -20,7 +20,7 @@ class Auth0WebAPI {
     if (hostedLoginPage || !opts.oidcConformant) {
       this.clients[lockID] = new Auth0LegacyAPIClient(clientID, domain, opts);
     } else {
-      this.clients[lockID] = new Auth0APIClient(clientID, domain, opts);
+      this.clients[lockID] = new Auth0APIClient(lockID, clientID, domain, opts);
     }
   }
 
@@ -52,6 +52,10 @@ class Auth0WebAPI {
     return this.clients[lockID].getUserInfo(token, callback);
   }
 
+  getProfile(lockID, token, callback) {
+    return this.clients[lockID].getProfile(token, callback);
+  }
+
   getSSOData(lockID, ...args) {
     return this.clients[lockID].getSSOData(...args);
   }

src/core/web_api/legacy_api.js

@@ -1,12 +1,14 @@
-var IdTokenVerifier = require('idtoken-verifier');
+import IdTokenVerifier from 'idtoken-verifier';
 import auth0 from 'auth0-js';
+import request from 'superagent';
 import {normalizeError, loginCallback} from './helper';
 
 class Auth0LegacyAPIClient {
   constructor(clientID, domain, opts) {
     this.client = null;
     this.authOpt = null;
 
+    this.domain = domain;
     this.clientID = clientID;
     this.tokenIssuer = (opts.overrides && opts.overrides.__token_issuer) || `https://${domain}/`;
 
@@ -25,7 +27,8 @@ class Auth0LegacyAPIClient {
       _sendTelemetry: opts._sendTelemetry === false ? false : true,
       _telemetryInfo: opts._telemetryInfo || default_telemetry,
       __tenant: opts.overrides && opts.overrides.__tenant,
-      __token_issuer: opts.overrides && opts.overrides.__token_issuer
+      __token_issuer: opts.overrides && opts.overrides.__token_issuer,
+      _disableDeprecationWarnings: true
     });
 
     this.authOpt = {
@@ -151,6 +154,22 @@ class Auth0LegacyAPIClient {
     return this.client.client.userInfo(token, callback);
   }
 
+  // auth0.js does not supports this endpoint because it is deprecated for oidcConformat clients
+  // we implemented it here to provide BC support, we will loose it in lock 11.
+  getProfile(token, callback) {
+    request.get(`https://${this.domain}/tokeninfo?id_token=${token}`)
+            .end(function(err, res) {
+              if (err) {
+                return callback({
+                  error: err.message,
+                  error_description: res.text || res.body
+                });
+              }
+
+              return callback(null, res.body);
+            })
+  }
+
   getSSOData(...args) {
     return this.client.client.getSSOData(...args);
   }

src/core/web_api/p2_api.js

@@ -1,8 +1,11 @@
 import auth0 from 'auth0-js';
-import {normalizeError, loginCallback} from './helper';
+import * as l from '../index';
+import { getEntity, read } from '../../store/index';
+import { normalizeError, loginCallback } from './helper';
 
 class Auth0APIClient {
-  constructor(clientID, domain, opts) {
+  constructor(lockID, clientID, domain, opts) {
+    this.lockID = lockID;
     this.client = null;
     this.authOpt = null;
 
@@ -87,6 +90,11 @@ class Auth0APIClient {
     return this.client.client.userInfo(token, callback);
   }
 
+  getProfile(token, callback) {
+    const m = read(getEntity, "lock", this.lockID);
+    l.emitUnrecoverableErrorEvent(m, '`getProfile` is deprecated for oidcConformant clients');
+  }
+
   getSSOData(...args) {
     return this.client.client.getSSOData(...args);
   }