Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
angular-lock
Advanced tools
This module provides a thin wrapper for version 11 of Auth0's Lock widget.
Note: angular-lock version 2.0 is meant to be used with Auth0Lock version 11.16.2 or higher. Please ensure you have auth0.js v8 or higher loaded as well.
Bower
bower install angular-lock
Ensure that both Auth0Lock and angular-lock are loaded on the page.
<script src="bower_components/auth0-lock/build/lock.js"></script>
<script src="bower_components/auth0.js/build/auth0.js"></script>
<script src="bower_components/angular-lock/build/angular-lock.js"></script>
Bring in the auth0.lock
module.
var app = angular.module('myApp', ['auth0.lock']);
Configure Auth0Lock by using lockProvider
. If you haven't done so yet, sign up for Auth0, create a client app, and get your clientID and domain. To learn more about Auth0Lock's API and the options it takes, see the API documentation and the list of customization options.
app.config(function(lockProvider) {
lockProvider.init({
clientID: AUTH0_CLIENT_ID,
domain: AUTH0_DOMAIN,
options: LOCK_OPTIONS
});
});
With Lock versions > 10.9 (and thus auth0.js versions > 8.0), the id_token
must be signed with the RS256 algorithm. You may choose to skip id_token
verification if you need to use HS256 as the signing algorithm.
app.config(function(lockProvider) {
lockProvider.init({
clientID: AUTH0_CLIENT_ID,
domain: AUTH0_DOMAIN,
options: {
_idTokenVerification: false
}
});
});
See the auth0.js migration guide for more information.
Use lock
in the run
block, in a service, or in a controller. For example, show the Auth0Lock widget from a controller and associated view.
app.controller('loginController', function(lock) {
var vm = this;
vm.lock = lock;
});
<div ng-controller="loginController as login">
<button ng-click="login.lock.show()">Log In</button>
</div>
Then, set up a listener for the authenticated
event.
app.run(function(lock) {
// For use with UI Router
lock.interceptHash();
lock.on('authenticated', function(authResult) {
localStorage.setItem('id_token', authResult.idToken);
lock.getProfile(authResult.idToken, function(error, profile) {
if (error) {
console.log(error);
}
localStorage.setItem('profile', JSON.stringify(profile));
});
});
});
Auth0 helps you to:
If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
This project is licensed under the MIT license. See the LICENSE file for more info.
FAQs
Angular wrapper for Lock
We found that angular-lock demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 35 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.