Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v10] Enterprise connections don't strip domain from email #543

Closed
nicosabena opened this issue Aug 8, 2016 · 0 comments · Fixed by #754
Closed

[v10] Enterprise connections don't strip domain from email #543

nicosabena opened this issue Aug 8, 2016 · 0 comments · Fixed by #754
Labels
enhancement An enhancement or improvement to the SDK that could not be otherwise categorized as a new feature
Milestone
v10.8.0

Comments

@nicosabena
Copy link
Contributor

nicosabena commented Aug 8, 2016
edited by cristiandouce
Loading

Say you have an enterprise connection, with fabrikam.com set as domain (for HRD). If the user types [email protected], he will be asked to type his corporate credentials (both Lock versions will even suggest jon as the username).

If, at this moment, the user types his or her email ​_again_​ (thinking that this is the username Lock is expecting), :)

  • In Lock v9 the code automatically strips the domain (@fabrikam.com) (see https://github.com/auth0/lock/blob/v9/index.js#L1144). So, since only the username is sent in the background, authentication succeeds anyway. (By the way, this only works for the first domain of an enterprise connection).
  • In Lock v10, the whole email is sent as the username to the authentication endpoint, so the user gets an "Invalid username or password" error.

Is this difference on purpose and users should type the correct username now, or was this an omission and Lock v10 should behave like Lock v9 for this?
@woloski woloski added the bug This points to a verified bug in the code label Aug 30, 2016
@hzalaz hzalaz added the v10 label Aug 31, 2016
@cristiandouce cristiandouce changed the title Enterprise connections don't strip domain from email in v10 [v10] Enterprise connections don't strip domain from email Sep 5, 2016
@cristiandouce cristiandouce added enhancement An enhancement or improvement to the SDK that could not be otherwise categorized as a new feature and removed bug This points to a verified bug in the code labels Oct 12, 2016
@glena glena added this to the v10-Next milestone Dec 19, 2016
glena added a commit that referenced this issue Dec 19, 2016
@glena
[v10] Enterprise connections don't strip domain from email #543
8974c1d
@glena glena mentioned this issue Dec 19, 2016
Merged
hzalaz pushed a commit that referenced this issue Jan 2, 2017
@glena @hzalaz
[v10] Enterprise connections don't strip domain from email #543
b819612
@hzalaz hzalaz modified the milestones: v10-Next, v10.8.0 Jan 2, 2017
@theopak theopak mentioned this issue Jan 9, 2017
Merged
@gene1wood gene1wood mentioned this issue Aug 10, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement An enhancement or improvement to the SDK that could not be otherwise categorized as a new feature
Projects
None yet
Milestone
v10.8.0
Development

Successfully merging a pull request may close this issue.

Added flag defaultADUsernameFromEmailPrefix auth0/lock
5 participants
@woloski @cristiandouce @hzalaz @nicosabena @glena