auth0-lock

Package Overview

Dependencies

Maintainers

Versions

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

auth0-lock - npm Package Compare versions

Comparing version 11.34.2 to 11.35.0

.github/workflows/codeql.yml

EXAMPLES.md

lib/__tests__/engine/passwordless/social_or_email_login_screen.js

lib/__tests__/engine/passwordless/social_or_phone_number_login_screen.js

opslevel.yml

.eslintrc.json

		@@ -9,7 +9,7 @@ {
		"rules": {
		"react/display-name": 0,
		"react/prop-types": 1,
		"react/no-find-dom-node": 1,
		"react/no-string-refs": 1,
		"react/no-danger": 2
		"react/display-name": "off",
		"react/prop-types": "warn",
		"react/no-find-dom-node": "warn",
		"react/no-string-refs": "warn",
		"react/no-danger": "error"
		},
		@@ -16,0 +16,0 @@ "plugins": ["react"],

lib/__tests__/connection/passwordless/passwordless.js

		@@ -55,3 +55,4 @@ 'use strict';
		startPasswordless: jest.fn(),
		passwordlessVerify: jest.fn()
		passwordlessVerify: jest.fn(),
		getPasswordlessChallenge: jest.fn()
		};
		@@ -95,3 +96,4 @@ });
		return false;
		})
		}),
		passwordlessCaptcha: jest.fn()
		};
		@@ -98,0 +100,0 @@ });

lib/connection/captcha.js

		@@ -35,8 +35,11 @@ 'use strict';
		* @param {Number} id
		* @param {Boolean} isPasswordless Whether the captcha is being rendered in a passwordless flow
		*/
		function showMissingCaptcha(m, id) {
		var captchaConfig = l.captcha(m);
		var isPasswordless = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;

		var captchaError = captchaConfig.get('provider') === 'recaptcha_v2' ? 'invalid_recaptcha' : 'invalid_captcha';
		var captchaConfig = isPasswordless ? l.passwordlessCaptcha(m) : l.captcha(m);

		var captchaError = captchaConfig.get('provider') === 'recaptcha_v2' \|\| captchaConfig.get('provider') === 'recaptcha_enterprise' ? 'invalid_recaptcha' : 'invalid_captcha';

		var errorMessage = i18n.html(m, ['error', 'login', captchaError]);
		@@ -57,2 +60,3 @@
		* @param {Object} params
		* @param {Boolean} isPasswordless Whether the captcha is being rendered in a passwordless flow
		* @param {Object} fields
		@@ -62,5 +66,5 @@ *
		*/
		function setCaptchaParams(m, params, fields) {
		var captchaConfig = l.captcha(m);
		var isCaptchaRequired = captchaConfig && l.captcha(m).get('required');
		function setCaptchaParams(m, params, isPasswordless, fields) {
		var captchaConfig = isPasswordless ? l.passwordlessCaptcha(m) : l.captcha(m);
		var isCaptchaRequired = captchaConfig && captchaConfig.get('required');

		@@ -85,6 +89,17 @@ if (!isCaptchaRequired) {
		* @param {number} id The id of the Lock instance.
		* @param {Boolean} isPasswordless Whether the captcha is being rendered in a passwordless flow.
		* @param {boolean} wasInvalid A boolean indicating if the previous captcha was invalid.
		* @param {Function} [next] A callback.
		*/
		function swapCaptcha(id, wasInvalid, next) {
		function swapCaptcha(id, isPasswordless, wasInvalid, next) {
		if (isPasswordless) {
		return _web_api2.default.getPasswordlessChallenge(id, function (err, newCaptcha) {
		if (!err && newCaptcha) {
		(0, _index3.swap)(_index3.updateEntity, 'lock', id, l.setPasswordlessCaptcha, newCaptcha, wasInvalid);
		}
		if (next) {
		next();
		}
		});
		}
		return _web_api2.default.getChallenge(id, function (err, newCaptcha) {
		@@ -91,0 +106,0 @@ if (!err && newCaptcha) {

lib/connection/database/actions.js

		@@ -60,3 +60,3 @@ 'use strict';
		var fields = [usernameField, 'password'];
		var isCaptchaValid = (0, _captcha.setCaptchaParams)(m, params, fields);
		var isCaptchaValid = (0, _captcha.setCaptchaParams)(m, params, false, fields);

		@@ -81,3 +81,3 @@ if (!isCaptchaValid) {
		var wasInvalid = error && error.code === 'invalid_captcha';
		return (0, _captcha.swapCaptcha)(id, wasInvalid, next);
		return (0, _captcha.swapCaptcha)(id, false, wasInvalid, next);
		}
		@@ -119,3 +119,3 @@

		var isCaptchaValid = (0, _captcha.setCaptchaParams)(m, params, fields);
		var isCaptchaValid = (0, _captcha.setCaptchaParams)(m, params, false, fields);
		if (!isCaptchaValid) {
		@@ -163,3 +163,3 @@ return (0, _captcha.showMissingCaptcha)(m, id);

		(0, _captcha.swapCaptcha)(id, wasInvalidCaptcha, function () {
		(0, _captcha.swapCaptcha)(id, false, wasInvalidCaptcha, function () {
		setTimeout(function () {
		@@ -264,3 +264,3 @@ return signUpError(id, error);
		errorMessage = i18n.html(m, ['error', 'login', errorKey]);
		return (0, _captcha.swapCaptcha)(id, true, function () {
		return (0, _captcha.swapCaptcha)(id, false, true, function () {
		(0, _index.swap)(_index.updateEntity, 'lock', id, l.setSubmitting, false, errorMessage);
		@@ -267,0 +267,0 @@ });

lib/connection/database/index.js

		@@ -76,3 +76,3 @@ 'use strict';
		var valid = opts[name] === undefined \|\| typeof opts[name] === 'boolean';
		if (!valid) l.warn(opts, 'The `' + name + '` option will be ignored, because it is not a booelan.');
		if (!valid) l.warn(opts, 'The `' + name + '` option will be ignored, because it is not a boolean.');
		return valid;
		@@ -79,0 +79,0 @@ }

lib/connection/database/login_pane.js

		@@ -115,3 +115,3 @@ 'use strict';
		var captchaPane = l.captcha(lock) && l.captcha(lock).get('required') && ((0, _enterprise.isHRDDomain)(lock, (0, _database.databaseUsernameValue)(lock)) \|\| !sso) ? _react2.default.createElement(_captcha_pane2.default, { i18n: i18n, lock: lock, onReload: function onReload() {
		return (0, _captcha.swapCaptcha)(l.id(lock), false);
		return (0, _captcha.swapCaptcha)(l.id(lock), false, false);
		} }) : null;
		@@ -118,0 +118,0 @@

lib/connection/enterprise/actions.js

		@@ -73,3 +73,3 @@ 'use strict';

		var isCaptchaValid = (0, _captcha.setCaptchaParams)(m, params, fields);
		var isCaptchaValid = (0, _captcha.setCaptchaParams)(m, params, false, fields);

		@@ -99,3 +99,3 @@ if (!isCaptchaValid && !ssoConnection) {
		var wasCaptchaInvalid = error && error.code === 'invalid captcha';
		(0, _captcha.swapCaptcha)(id, wasCaptchaInvalid, next);
		(0, _captcha.swapCaptcha)(id, false, wasCaptchaInvalid, next);
		});
		@@ -102,0 +102,0 @@ }

lib/connection/enterprise/hrd_pane.js

		@@ -60,3 +60,3 @@ 'use strict';
		var captchaPane = l.captcha(model) && l.captcha(model).get('required') ? _react2.default.createElement(_captcha_pane2.default, { i18n: i18n, lock: model, onReload: function onReload() {
		return (0, _captcha.swapCaptcha)(l.id(model), false);
		return (0, _captcha.swapCaptcha)(l.id(model), false, false);
		} }) : null;
		@@ -63,0 +63,0 @@

lib/connection/passwordless/actions.js

		@@ -16,4 +16,2 @@ 'use strict';

		var _immutable = require('immutable');

		var _index = require('../../store/index');
		@@ -43,2 +41,4 @@

		var _captcha = require('../captcha');

		function _interopRequireWildcard(obj) { if (obj && obj.__esModule) { return obj; } else { var newObj = {}; if (obj != null) { for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) newObj[key] = obj[key]; } } newObj.default = obj; return newObj; } }
		@@ -48,3 +48,3 @@

		function getErrorMessage(m, error) {
		function getErrorMessage(m, id, error) {
		var key = error.error;
		@@ -56,8 +56,18 @@

		if (error.code === 'invalid_captcha') {
		var captchaConfig = l.passwordlessCaptcha(m);
		key = captchaConfig.get('provider') === 'recaptcha_v2' \|\| captchaConfig.get('provider') === 'recaptcha_enterprise' ? 'invalid_recaptcha' : 'invalid_captcha';
		}

		return i18n.html(m, ['error', 'passwordless', key]) \|\| i18n.html(m, ['error', 'passwordless', 'lock.fallback']);
		}

		function swapCaptchaAfterError(id, error) {
		var wasCaptchaInvalid = error && error.code === 'invalid_captcha';
		(0, _captcha.swapCaptcha)(id, true, wasCaptchaInvalid);
		}

		function requestPasswordlessEmail(id) {
		(0, _actions.validateAndSubmit)(id, ['email'], function (m) {
		sendEmail(m, requestPasswordlessEmailSuccess, requestPasswordlessEmailError);
		sendEmail(m, id, requestPasswordlessEmailSuccess, requestPasswordlessEmailError);
		});
		@@ -75,4 +85,5 @@ }
		var m = (0, _index.read)(_index.getEntity, 'lock', id);
		var errorMessage = getErrorMessage(m, error);
		return (0, _index.swap)(_index.updateEntity, 'lock', id, l.setSubmitting, false, errorMessage);
		var errorMessage = getErrorMessage(m, id, error);
		(0, _index.swap)(_index.updateEntity, 'lock', id, l.setSubmitting, false, errorMessage);
		swapCaptchaAfterError(id, error);
		}
		@@ -83,3 +94,3 @@
		var m = (0, _index.read)(_index.getEntity, 'lock', id);
		sendEmail(m, resendEmailSuccess, resendEmailError);
		sendEmail(m, id, resendEmailSuccess, resendEmailError);
		}
		@@ -101,3 +112,3 @@

		function sendEmail(m, successFn, errorFn) {
		function sendEmail(m, id, successFn, errorFn) {
		var params = {
		@@ -112,3 +123,8 @@ connection: getPasswordlessConnectionName(m, 'email'),
		}
		var isCaptchaValid = (0, _captcha.setCaptchaParams)(m, params, true, []);

		if (!isCaptchaValid) {
		return (0, _captcha.showMissingCaptcha)(m, id, true);
		}

		_web_api2.default.startPasswordless(l.id(m), params, function (error) {
		@@ -132,2 +148,6 @@ if (error) {
		};
		var isCaptchaValid = (0, _captcha.setCaptchaParams)(m, params, true, []);
		if (!isCaptchaValid) {
		return (0, _captcha.showMissingCaptcha)(m, id, true);
		}
		_web_api2.default.startPasswordless(id, params, function (error) {
		@@ -155,5 +175,6 @@ if (error) {
		var m = (0, _index.read)(_index.getEntity, 'lock', id);
		var errorMessage = getErrorMessage(m, error);
		var errorMessage = getErrorMessage(m, id, error);
		l.emitAuthorizationErrorEvent(m, error);
		return (0, _index.swap)(_index.updateEntity, 'lock', id, l.setSubmitting, false, errorMessage);
		(0, _index.swap)(_index.updateEntity, 'lock', id, l.setSubmitting, false, errorMessage);
		swapCaptchaAfterError(id, error);
		}
		@@ -179,3 +200,3 @@
		var _m = (0, _index.read)(_index.getEntity, 'lock', id);
		errorMessage = getErrorMessage(_m, error);
		errorMessage = getErrorMessage(_m, id, error);
		if (error.logToConsole) {
		@@ -194,2 +215,3 @@ console.error(error.description);
		(0, _index.swap)(_index.updateEntity, 'lock', id, _index4.restartPasswordless);
		(0, _captcha.swapCaptcha)(id, true, false);
		}
		@@ -196,0 +218,0 @@

lib/core/index.js

		@@ -42,3 +42,5 @@ 'use strict';
		exports.setCaptcha = setCaptcha;
		exports.setPasswordlessCaptcha = setPasswordlessCaptcha;
		exports.captcha = captcha;
		exports.passwordlessCaptcha = passwordlessCaptcha;
		exports.prefill = prefill;
		@@ -576,11 +578,15 @@ exports.warn = warn;

		function setPasswordlessCaptcha(m, value, wasInvalid) {
		m = captchaField.reset(m, wasInvalid);
		return set(m, 'passwordlessCaptcha', _immutable2.default.fromJS(value));
		}

		function captcha(m) {
		//some tests send an string as model.
		// https://github.com/auth0/lock/blob/82f56187698528699478bd429858cf91e387763c/src/__tests__/engine/classic/sign_up_pane.test.jsx#L28
		if ((typeof m === 'undefined' ? 'undefined' : _typeof(m)) !== 'object') {
		return;
		}
		return get(m, 'captcha');
		}

		function passwordlessCaptcha(m) {
		return get(m, 'passwordlessCaptcha');
		}

		function prefill(m) {
		@@ -784,3 +790,3 @@ return get(m, 'prefill', {});
		var currentCaptcha = get(m, 'captcha');
		if (currentCaptcha && currentCaptcha.get('provider') === 'recaptcha_v2') {
		if (currentCaptcha && (currentCaptcha.get('provider') === 'recaptcha_v2' \|\| currentCaptcha.get('provider') === 'recaptcha_enterprise')) {
		code = 'invalid_recaptcha';
		@@ -787,0 +793,0 @@ }

lib/core/remote_data.js

		@@ -101,3 +101,12 @@ 'use strict';

		m = (0, _sync2.default)(m, 'passwordlessCaptcha', {
		syncFn: function syncFn(m, cb) {
		_web_api2.default.getPasswordlessChallenge(m.get('id'), function (err, r) {
		cb(null, r);
		});
		},
		successFn: _index2.setPasswordlessCaptcha
		});

		return m;
		} // shouldn't depend on this

lib/core/web_api.js

		@@ -78,2 +78,6 @@ 'use strict';

		Auth0WebAPI.prototype.getPasswordlessChallenge = function getPasswordlessChallenge(lockID, callback) {
		return this.clients[lockID].getPasswordlessChallenge(callback);
		};

		Auth0WebAPI.prototype.getSSOData = function getSSOData(lockID) {
		@@ -80,0 +84,0 @@ var _clients$lockID;

lib/core/web_api/helper.js

		@@ -24,4 +24,4 @@ 'use strict';
		// Some of the checks are missing because I couldn't reproduce them and I'm
		// affraid they'll break existent functionality if add them.
		// We need a better errror handling story in auth0.js.
		// afraid they'll break existent functionality if add them.
		// We need a better error handling story in auth0.js.

		@@ -180,3 +180,3 @@ if (error.status === 'User closed the popup window') {
		function getVersion() {
		return '11.34.2';
		return '11.35.0';
		}

lib/core/web_api/p2_api.js

		@@ -209,2 +209,8 @@ 'use strict';

		Auth0APIClient.prototype.getPasswordlessChallenge = function getPasswordlessChallenge() {
		var _client$client$passwo;

		return (_client$client$passwo = this.client.client.passwordless).getChallenge.apply(_client$client$passwo, arguments);
		};

		Auth0APIClient.prototype.getUserCountry = function getUserCountry(cb) {
		@@ -211,0 +217,0 @@ return this.client.client.getUserCountry(cb);

lib/engine/classic/sign_up_pane.js

		@@ -105,3 +105,3 @@ 'use strict';
		var captchaPane = l.captcha(model) && l.captcha(model).get('required') && ((0, _enterprise.isHRDDomain)(model, (0, _index.databaseUsernameValue)(model)) \|\| !sso) ? _react2.default.createElement(_captcha_pane2.default, { i18n: i18n, lock: model, onReload: function onReload() {
		return (0, _captcha.swapCaptcha)(l.id(model), false);
		return (0, _captcha.swapCaptcha)(l.id(model), false, false);
		} }) : null;
		@@ -108,0 +108,0 @@

lib/engine/passwordless/social_or_email_login_screen.js

		@@ -21,2 +21,8 @@ 'use strict';

		var _captcha_pane = require('../../field/captcha/captcha_pane');

		var _captcha_pane2 = _interopRequireDefault(_captcha_pane);

		var _captcha = require('../../connection/captcha');

		var _pane_separator = require('../../core/pane_separator');
		@@ -86,2 +92,6 @@

		var captchaPane = l.passwordlessCaptcha(model) && l.passwordlessCaptcha(model).get('required') ? _react2.default.createElement(_captcha_pane2.default, { i18n: i18n, lock: model, isPasswordless: true, onReload: function onReload() {
		return (0, _captcha.swapCaptcha)(l.id(model), true, false);
		} }) : null;

		return _react2.default.createElement(
		@@ -93,3 +103,4 @@ 'div',
		header,
		email
		email,
		captchaPane
		);
		@@ -96,0 +107,0 @@ };

lib/engine/passwordless/social_or_phone_number_login_screen.js

		@@ -23,2 +23,8 @@ 'use strict';

		var _captcha_pane = require('../../field/captcha/captcha_pane');

		var _captcha_pane2 = _interopRequireDefault(_captcha_pane);

		var _captcha = require('../../connection/captcha');

		var _signed_in_confirmation = require('../../core/signed_in_confirmation');
		@@ -72,2 +78,6 @@

		var captchaPane = l.passwordlessCaptcha(model) && l.passwordlessCaptcha(model).get('required') ? _react2.default.createElement(_captcha_pane2.default, { i18n: i18n, lock: model, isPasswordless: true, onReload: function onReload() {
		return (0, _captcha.swapCaptcha)(l.id(model), true, false);
		} }) : null;

		var separator = social && phoneNumber ? _react2.default.createElement(_pane_separator2.default, null) : null;
		@@ -80,3 +90,4 @@
		separator,
		phoneNumber
		phoneNumber,
		captchaPane
		);
		@@ -83,0 +94,0 @@ };

lib/field/captcha/captcha_pane.js

		@@ -54,6 +54,7 @@ 'use strict';
		lock = _props.lock,
		onReload = _props.onReload;
		onReload = _props.onReload,
		isPasswordless = _props.isPasswordless;

		var lockId = l.id(lock);
		var captcha = l.captcha(lock);
		var captcha = isPasswordless ? l.passwordlessCaptcha(lock) : l.captcha(lock);
		var value = (0, _index3.getFieldValue)(lock, 'captcha');
		@@ -90,3 +91,3 @@ var isValid = !(0, _index3.isFieldVisiblyInvalid)(lock, 'captcha');
		// TODO: blankErrorHint is deprecated.
		// It is kept for backwards compatibiliy in the code for the customers overwriting
		// It is kept for backwards compatibility in the code for the customers overwriting
		// it with languageDictionary. It can be removed in the next major release.
		@@ -93,0 +94,0 @@ return _react2.default.createElement(_captcha_input2.default, {

lib/field/email/email_pane.js

		@@ -89,3 +89,3 @@ 'use strict';
		// TODO: invalidErrorHint and blankErrorHint are deprecated.
		// They are kept for backwards compatibiliy in the code for the customers overwriting
		// They are kept for backwards compatibility in the code for the customers overwriting
		// them with languageDictionary. They can be removed in the next major release.
		@@ -92,0 +92,0 @@ var errMessage = value ? i18n.str('invalidErrorHint') \|\| i18n.str('invalidEmailErrorHint') : i18n.str('blankErrorHint') \|\| i18n.str('blankEmailErrorHint');

lib/field/index.js

		@@ -125,3 +125,3 @@ 'use strict';
		// TODO: in the future we might want to return the result of the
		// operation along with the model insteand of stopping the
		// operation along with the model instead of stopping the
		// rendering, like [false, m] in the case of failure and [true, m]
		@@ -128,0 +128,0 @@ // in the case of success.

lib/field/password/password_pane.js

		@@ -76,3 +76,3 @@ 'use strict';
		// TODO: invalidErrorHint and blankErrorHint are deprecated.
		// They are kept for backwards compatibiliy in the code for the customers overwriting
		// They are kept for backwards compatibility in the code for the customers overwriting
		// them with languageDictionary. They can be removed in the next major release.
		@@ -79,0 +79,0 @@ var invalidHint = c.getFieldValue(lock, 'password') ? i18n.str('invalidErrorHint') \|\| i18n.str('invalidPasswordErrorHint') : i18n.str('blankErrorHint') \|\| i18n.str('blankPasswordErrorHint');

lib/field/username/username_pane.js

		@@ -88,3 +88,3 @@ 'use strict';
		// TODO: invalidErrorHint and blankErrorHint are deprecated.
		// They are kept for backwards compatibiliy in the code for the customers overwriting
		// They are kept for backwards compatibility in the code for the customers overwriting
		// them with languageDictionary. They can be removed in the next major release.
		@@ -91,0 +91,0 @@ var invalidHintKey = function invalidHintKey(str) {

lib/i18n.js

		@@ -128,3 +128,3 @@ 'use strict';
		method: 'registerLanguageDictionary',
		url: l.languageBaseUrl(m) + '/js/lock/' + '11.34.2' + '/' + language + '.js',
		url: l.languageBaseUrl(m) + '/js/lock/' + '11.35.0' + '/' + language + '.js',
		check: function check(str) {
		@@ -131,0 +131,0 @@ return str && str === language;

lib/i18n/af.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Die telefoonnommer is ongeldig',
		'lock.fallback': 'Jammer, iets het verkeerd gegaan'
		'lock.fallback': 'Jammer, iets het verkeerd gegaan',
		invalid_captcha: "Los die uitdagingsvraag om te verifieer dat u nie 'n robot is nie.",
		invalid_recaptcha: "Kies die merkblokkie om te verifieer dat u nie 'n robot is nie."
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/ar.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'رقم الهاتف غير صالح.',
		'lock.fallback': 'المعذرة، حصل خطأ ما.'
		'lock.fallback': 'المعذرة، حصل خطأ ما.',
		invalid_captcha: 'حل سؤال التحدي للتحقق من أنك لست روبوت.',
		invalid_recaptcha: 'حدد مربع الاختيار للتحقق من أنك لست روبوتًا.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/az.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Telefon nömrəsi düzgün deyil',
		'lock.fallback': 'Üzr istəyirik, səhv oldu'
		'lock.fallback': 'Üzr istəyirik, səhv oldu',
		invalid_captcha: 'Daxil etdiyiniz mətn səhv idi. <br /> Lütfən, yenidən cəhd edin.',
		invalid_recaptcha: 'Robot olmadığınızı təsdiqləmək üçün onay qutusunu seçin.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/bg.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Телефонният номер е невалиден',
		'lock.fallback': 'Съжаляваме, възникна грешка'
		'lock.fallback': 'Съжаляваме, възникна грешка',
		invalid_captcha: 'Решете задачата, за да се уверим, че не сте робот.',
		invalid_recaptcha: 'Поставете отметка, за да се уверим, че не сте робот.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/ca.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'El número de telèfon no és vàlid',
		'lock.fallback': 'Quelcom ha fet fallida'
		'lock.fallback': 'Quelcom ha fet fallida',
		invalid_captcha: 'Resoleu la pregunta de desafiament per verificar que no sou un robot.',
		invalid_recaptcha: 'Seleccioneu la casella de verificació per verificar que no sou un robot.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/cs.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Telefonní číslo je neplatné',
		'lock.fallback': 'Je nám líto, něco se pokazilo'
		'lock.fallback': 'Je nám líto, něco se pokazilo',
		invalid_captcha: 'Vyřešte úlohu, abychom ověřili, že nejste robot.',
		invalid_recaptcha: 'Zaškrtněte políčko, abychom ověřili, že nejste robot.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/da.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Dette telefonnummer er ugyldigt',
		'lock.fallback': 'Vi beklager, men der skete en fejl'
		'lock.fallback': 'Vi beklager, men der skete en fejl',
		invalid_captcha: 'Løs udfordringsspørgsmålet for at kontrollere, at du ikke er en robot.',
		invalid_recaptcha: 'Marker afkrydsningsfeltet for at kontrollere, at du ikke er en robot.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/de.js

		@@ -35,3 +35,5 @@ 'use strict';
		'bad.phone_number': 'Diese Telefonnummer ist ungültig',
		'lock.fallback': 'Es tut uns leid, etwas ist schiefgelaufen.'
		'lock.fallback': 'Es tut uns leid, etwas ist schiefgelaufen.',
		invalid_captcha: 'Lösen Sie die Herausforderungsfrage, um sicherzustellen, dass Sie kein Roboter sind.',
		invalid_recaptcha: 'Aktivieren Sie das Kontrollkästchen, um sicherzustellen, dass Sie kein Roboter sind.'
		},
		@@ -38,0 +40,0 @@ signUp: {

lib/i18n/el.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Ο αριθμός τηλεφώνου δεν είναι έγκυρος',
		'lock.fallback': 'Λυπούμαστε, κάτι πήγε στραβά'
		'lock.fallback': 'Λυπούμαστε, κάτι πήγε στραβά',
		invalid_captcha: 'Λύστε την ερώτηση πρόκλησης για να επιβεβαιώσετε ότι δεν είστε ρομπότ.',
		invalid_recaptcha: 'Επιλέξτε το πλαίσιο ελέγχου για να επαληθεύσετε ότι δεν είστε ρομπότ.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/en.js

		@@ -35,3 +35,5 @@ 'use strict';
		'bad.phone_number': 'The phone number is invalid',
		'lock.fallback': "We're sorry, something went wrong"
		'lock.fallback': "We're sorry, something went wrong",
		invalid_captcha: 'Solve the challenge question to verify you are not a robot.',
		invalid_recaptcha: 'Select the checkbox to verify you are not a robot.'
		},
		@@ -38,0 +40,0 @@ signUp: {

lib/i18n/es.js

		@@ -35,3 +35,5 @@ 'use strict';
		'bad.phone_number': 'Teléfono inválido',
		'lock.fallback': 'Ocurrió un error durante el envío'
		'lock.fallback': 'Ocurrió un error durante el envío',
		invalid_captcha: 'El texto ingresado es incorrecto. <br /> Por favor, vuelva a intentarlo.',
		invalid_recaptcha: 'Seleccione la casilla de verificación para verificar que no es un robot.'
		},
		@@ -38,0 +40,0 @@ signUp: {

lib/i18n/et.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Vigane telefoninumber',
		'lock.fallback': 'Vabandame, midagi läks valesti.'
		'lock.fallback': 'Vabandame, midagi läks valesti.',
		invalid_captcha: 'Lahendage väljakutseküsimus ja veenduge, et te pole robot.',
		invalid_recaptcha: 'Valige märkeruut, et kontrollida, kas te pole robot.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/fa.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'شماره تلفن نامعتبر است.',
		'lock.fallback': 'متاسفیم ، خطایی رخ داده است.'
		'lock.fallback': 'متاسفیم ، خطایی رخ داده است.',
		invalid_captcha: 'حل مسئله چالش برای تأیید اینکه ربات نیستید.',
		invalid_recaptcha: 'کادر تأیید را انتخاب کنید تا تأیید کنید که روبات نیستید.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/fi.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Puhelinnumero ei kelpaa',
		'lock.fallback': 'Olemme pahoillamme, jotain meni vikaan'
		'lock.fallback': 'Olemme pahoillamme, jotain meni vikaan',
		invalid_captcha: 'Ratkaise haastekysymys varmistaaksesi, että et ole robotti.',
		invalid_recaptcha: 'Valitse valintaruutu varmistaaksesi, että et ole robotti.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/fr.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Le numéro de téléphone n’est pas valide',
		'lock.fallback': 'Nous sommes désolés, un problème est survenu'
		'lock.fallback': 'Nous sommes désolés, un problème est survenu',
		invalid_captcha: "Résolvez la question du défi pour vérifier que vous n'êtes pas un robot.",
		invalid_recaptcha: "Cochez la case pour vérifier que vous n'êtes pas un robot."
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/he.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'מספר הטלפון לא תקין',
		'lock.fallback': 'אנו מתנצלים, משהו השתבש'
		'lock.fallback': 'אנו מתנצלים, משהו השתבש',
		invalid_captcha: 'לפתור את שאלת האתגר כדי לוודא שאתה לא רובוט.',
		invalid_recaptcha: 'בחר בתיבת הסימון כדי לוודא שאתה לא רובוט.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/hr.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Neispravan broj telefona',
		'lock.fallback': 'Ispričavamo se, ali nešto je pošlo po zlu.'
		'lock.fallback': 'Ispričavamo se, ali nešto je pošlo po zlu.',
		invalid_captcha: 'Riješite izazovno pitanje kako biste provjerili da niste robot.',
		invalid_recaptcha: 'Označite potvrdni okvir da biste potvrdili da niste robot.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/hu.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Érvénytelen telefonszám.',
		'lock.fallback': 'Sajnáljuk, valami hiba történt.'
		'lock.fallback': 'Sajnáljuk, valami hiba történt.',
		invalid_captcha: 'Oldja meg a kihívást, és ellenőrizze, hogy nem robot.',
		invalid_recaptcha: 'Jelölje be a jelölőnégyzetet annak ellenőrzéséhez, hogy nem robot vagy-e.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/id.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Nomor telepon tidak valid.',
		'lock.fallback': 'Maaf, terjadi kesalahan'
		'lock.fallback': 'Maaf, terjadi kesalahan',
		invalid_captcha: 'Selesaikan pertanyaan tantangan untuk memverifikasi bahwa Anda bukan robot.',
		invalid_recaptcha: 'Pilih kotak centang untuk memverifikasi bahwa Anda bukan robot.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/it.js

		@@ -35,3 +35,5 @@ 'use strict';
		'bad.phone_number': 'Il numero di telefono non è valido',
		'lock.fallback': 'Ci dispiace, qualcosa è andato storto'
		'lock.fallback': 'Ci dispiace, qualcosa è andato storto',
		invalid_captcha: 'Risolvi la domanda di verifica per verificare che non sei un robot.',
		invalid_recaptcha: 'Seleziona la casella di controllo per verificare che non sei un robot.'
		},
		@@ -38,0 +40,0 @@ signUp: {

lib/i18n/ja.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': '電話番号が不正です',
		'lock.fallback': '申し訳ございません。エラーが発生しました。'
		'lock.fallback': '申し訳ございません。エラーが発生しました。',
		invalid_captcha: 'チャレンジ質問を解いて、ロボットではないことを確認してください。',
		invalid_recaptcha: 'チェックボックスを選択して、ロボットでないことを確認します。'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/ko.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': '전화번호가 유효하지 않습니다',
		'lock.fallback': '죄송합니다. 오류가 발생하였습니다'
		'lock.fallback': '죄송합니다. 오류가 발생하였습니다',
		invalid_captcha: '로봇이 아닌 사람인지 확인하기 위해 챌린지 질문을 해결하십시오.',
		invalid_recaptcha: '로봇이 아닌지 확인하려면 확인란을 선택하십시오.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/lt.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Neteisingas telefono numeris',
		'lock.fallback': 'Atsiprašome, įvyko netikėta klaida.'
		'lock.fallback': 'Atsiprašome, įvyko netikėta klaida.',
		invalid_captcha: 'Išspręskite iššūkio klausimą ir įsitikinkite, kad nesate robotas.',
		invalid_recaptcha: 'Pažymėkite žymimąjį laukelį, kad patikrintumėte, ar nesate robotas.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/lv.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Nederīgs tālruņa numurs',
		'lock.fallback': 'Diemžēl radās problēma'
		'lock.fallback': 'Diemžēl radās problēma',
		invalid_captcha: 'Atrisiniet izaicinājuma jautājumu, lai pārliecinātos, ka neesat robots.',
		invalid_recaptcha: 'Atzīmējiet izvēles rūtiņu, lai pārliecinātos, ka neesat robots.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/ms.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Nombor telefon tidak sah',
		'lock.fallback': 'Harap maaf, sesuatu berlaku'
		'lock.fallback': 'Harap maaf, sesuatu berlaku',
		invalid_captcha: 'Selesaikan soalan cabaran untuk mengesahkan bahawa anda bukan robot.',
		invalid_recaptcha: 'Pilih kotak pilihan untuk mengesahkan bahawa anda bukan robot.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/nb.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Telefonnummeret er ugyldig',
		'lock.fallback': 'Beklager, noe gikk galt'
		'lock.fallback': 'Beklager, noe gikk galt',
		invalid_captcha: 'Løs utfordringsspørsmålet for å bekrefte at du ikke er en robot.',
		invalid_recaptcha: 'Merk av i avmerkingsboksen for å bekrefte at du ikke er en robot.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/nl.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Het telefoonnummer is ongeldig',
		'lock.fallback': 'Onze excuses, er is iets fout gegaan.'
		'lock.fallback': 'Onze excuses, er is iets fout gegaan.',
		invalid_captcha: 'Los de vraag op om te verifiëren dat u geen robot bent.',
		invalid_recaptcha: 'Selecteer het vakje om te verifiëren dat u geen robot bent.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/nn.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Ugyldig telefonnummer',
		'lock.fallback': 'Beklagar, men noko gjekk galt'
		'lock.fallback': 'Beklagar, men noko gjekk galt',
		invalid_captcha: 'Løs utfordringsspørsmålet for å bekrefte at du ikke er en robot.',
		invalid_recaptcha: 'Merk av i avmerkingsboksen for å bekrefte at du ikke er en robot.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/no.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Ugyldig telefonnummer',
		'lock.fallback': 'Beklager, men noe gikk galt'
		'lock.fallback': 'Beklager, men noe gikk galt',
		invalid_captcha: 'Løs utfordringsspørsmålet for å bekrefte at du ikke er en robot.',
		invalid_recaptcha: 'Merk av i avmerkingsboksen for å bekrefte at du ikke er en robot.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/pl.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Numer telefonu nie jest poprawny',
		'lock.fallback': 'Przykro nam, coś poszło nie tak'
		'lock.fallback': 'Przykro nam, coś poszło nie tak',
		invalid_captcha: 'Rozwiąż pytanie kontrolne, aby sprawdzić, czy nie jesteś robotem.',
		invalid_recaptcha: 'Zaznacz pole wyboru, aby potwierdzić, że nie jesteś robotem.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/pt-br.js

		@@ -35,3 +35,5 @@ 'use strict';
		'bad.phone_number': 'O número de telefone é inválido',
		'lock.fallback': 'Sentimos muito, algo deu errado'
		'lock.fallback': 'Sentimos muito, algo deu errado',
		invalid_captcha: 'Resolva a questão do desafio para verificar se você não é um robô.',
		invalid_recaptcha: 'Marque a caixa de seleção para verificar se você não é um robô.'
		},
		@@ -38,0 +40,0 @@ signUp: {

lib/i18n/pt.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'O número de telefone é inválido',
		'lock.fallback': 'Lamentamos, correu um erro.'
		'lock.fallback': 'Lamentamos, correu um erro.',
		invalid_captcha: 'Resolva a questão do desafio para verificar se você não é um robô.',
		invalid_recaptcha: 'Marque a caixa de seleção para verificar se você não é um robô.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/ro.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Numărul de telefon este invalid',
		'lock.fallback': 'Ne pare rău, ceva nu a funcționat'
		'lock.fallback': 'Ne pare rău, ceva nu a funcționat',
		invalid_captcha: 'Rezolvați întrebarea pentru a verifica dacă nu sunteți un robot.',
		invalid_recaptcha: 'Selectați caseta pentru a verifica dacă nu sunteți un robot.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/ru.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Недействительный номер телефона',
		'lock.fallback': 'Произошла непредвиденная ошибка. Приносим свои извинения'
		'lock.fallback': 'Произошла непредвиденная ошибка. Приносим свои извинения',
		invalid_captcha: 'Решите сложный вопрос, чтобы убедиться, что вы не робот.',
		invalid_recaptcha: 'Установите флажок, чтобы убедиться, что вы не робот.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/sk.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Neplatné telefónne číslo',
		'lock.fallback': 'Ospravedlňujeme sa, niečo nie je v poriadku'
		'lock.fallback': 'Ospravedlňujeme sa, niečo nie je v poriadku',
		invalid_captcha: 'Vyriešte výzvu a overte, či nie ste robot.',
		invalid_recaptcha: 'Začiarknutím políčka overíte, či nie ste robot.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/sl.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Napačna telefonska številka',
		'lock.fallback': 'Žal je prišlo do napake'
		'lock.fallback': 'Žal je prišlo do napake',
		invalid_captcha: 'Rešite izzivno vprašanje in preverite, ali niste robot.',
		invalid_recaptcha: 'Izberite potrditveno polje, da preverite, da niste robot.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/sr.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Broj telefona je nevažeći',
		'lock.fallback': 'Žao nam je, došlo je do greške'
		'lock.fallback': 'Žao nam je, došlo je do greške',
		invalid_captcha: 'Решите изазовно питање да бисте потврдили да нисте робот.',
		invalid_recaptcha: 'Потврдите избор у пољу за потврду да нисте робот.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/sv.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Ditt telefonnummer är ogiltigt.',
		'lock.fallback': 'Något gick fel.'
		'lock.fallback': 'Något gick fel.',
		invalid_captcha: 'Lös utmaningsfrågan för att verifiera att du inte är en robot.',
		invalid_recaptcha: 'Markera kryssrutan för att verifiera att du inte är en robot.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/tr.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Telefon numarası geçerli değil',
		'lock.fallback': 'Özür dileriz, bir hata oluştu'
		'lock.fallback': 'Özür dileriz, bir hata oluştu',
		invalid_captcha: 'Robot olmadığınızı doğrulamak için meydan okuma sorusunu çözün.',
		invalid_recaptcha: 'Robot olmadığınızı doğrulamak için onay kutusunu seçin.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/ua.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Недійсний номер телефону',
		'lock.fallback': 'Йой! Виникла непередбачувана помилка при спробі авторизації. Перепрошуємо.'
		'lock.fallback': 'Йой! Виникла непередбачувана помилка при спробі авторизації. Перепрошуємо.',
		invalid_captcha: 'Вирішіть складне питання, щоб переконатися, що ви не робот.',
		invalid_recaptcha: 'Установіть прапорець, щоб переконатися, що ви не робот.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/uk.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Неправильний номер телефону',
		'lock.fallback': 'На жаль, сталася помилка'
		'lock.fallback': 'На жаль, сталася помилка',
		invalid_captcha: 'Вирішіть складне питання, щоб переконатися, що ви не робот.',
		invalid_recaptcha: 'Установіть прапорець, щоб переконатися, що ви не робот.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/vi.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': 'Số điện thoại không hợp lệ.',
		'lock.fallback': 'Đã có lỗi xãy ra, chúng tôi rất lấy làm tiếc.'
		'lock.fallback': 'Đã có lỗi xãy ra, chúng tôi rất lấy làm tiếc.',
		invalid_captcha: 'Giải quyết câu hỏi thử thách để xác minh bạn không phải là robot.',
		invalid_recaptcha: 'Chọn hộp kiểm để xác minh bạn không phải là robot.'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/zh-tw.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': '手機號碼錯誤。',
		'lock.fallback': '對不起，發生錯誤。'
		'lock.fallback': '對不起，發生錯誤。',
		invalid_captcha: '解決挑戰問題以驗證您不是機器人。',
		invalid_recaptcha: '選中復選框以確認您不是機器人。'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/i18n/zh.js

		@@ -38,3 +38,5 @@ 'use strict';
		'bad.phone_number': '手机号码格式不正确。',
		'lock.fallback': '对不起，出现错误。'
		'lock.fallback': '对不起，出现错误。',
		invalid_captcha: '解决挑战问题以验证您不是机器人。',
		invalid_recaptcha: '选中复选框以确认您不是机器人。'
		},
		@@ -41,0 +43,0 @@ signUp: {

lib/lock.js

		@@ -45,3 +45,3 @@ 'use strict';
		exports.default = Auth0Lock;
		Auth0Lock.version = '11.34.2';
		Auth0Lock.version = '11.35.0';

		@@ -48,0 +48,0 @@ // TODO: should we have different telemetry for classic/passwordless?

lib/passwordless.js

		@@ -44,2 +44,2 @@ 'use strict';

		Auth0LockPasswordless.version = '11.34.2';
		Auth0LockPasswordless.version = '11.35.0';

lib/ui/box/multisize_slide.js

		@@ -46,3 +46,3 @@ 'use strict';
		// TODO: take a prop to identify what are we rendering instead of
		// infering it from children keys so we can accept more than one
		// inferring it from children keys so we can accept more than one
		// child (we are already wrapping them).
		@@ -49,0 +49,0 @@ if (this.state.children.current.key != nextProps.children.key) {

package.json

		{
		"name": "auth0-lock",
		"version": "11.34.2",
		"version": "11.35.0",
		"description": "Auth0 Lock",
		"author": "Auth0 <support@auth0.com> (http://auth0.com)",
		"license": "MIT",
		"homepage": "https://github.com/auth0/lock",
		"keywords": [
		@@ -43,6 +44,6 @@ "auth0",
		"@auth0/component-cdn-uploader": "^2.2.2",
		"@google-cloud/translate": "^6.0.2",
		"@google-cloud/translate": "^6.0.5",
		"babel-core": "^6.17.0",
		"babel-eslint": "^7.2.2",
		"babel-loader": "^6.2.5",
		"babel-loader": "^6.2.10",
		"babel-plugin-stylus-compiler": "^1.4.0",
		@@ -61,5 +62,5 @@ "babel-plugin-transform-class-properties": "^6.24.1",
		"css-loader": "^0.28.11",
		"emojic": "^1.1.15",
		"enzyme": "^3.1.0",
		"enzyme-adapter-react-15": "^1.0.1",
		"emojic": "^1.1.17",
		"enzyme": "^3.1.1",
		"enzyme-adapter-react-15": "^1.0.6",
		"es-check": "^6.0.0",
		@@ -72,3 +73,3 @@ "eslint": "^7.32.0",
		"flat": "^5.0.2",
		"glob": "^7.1.6",
		"glob": "^7.1.7",
		"grunt": "^1.3.0",
		@@ -80,16 +81,16 @@ "grunt-babel": "^6.0.0",
		"grunt-env": "^0.4.4",
		"grunt-exec": "^0.4.6",
		"grunt-exec": "^0.4.7",
		"grunt-webpack": "^2.0.1",
		"husky": "^7.0.2",
		"husky": "^7.0.4",
		"jest": "^21.2.1",
		"json-beautify": "^1.0.1",
		"karma": "^6.3.4",
		"karma": "^6.3.20",
		"karma-babel-preprocessor": "^7.0.0",
		"karma-browserify": "^8.1.0",
		"karma-browserstack-launcher": "^1.6.0",
		"karma-chrome-launcher": "^3.1.0",
		"karma-chrome-launcher": "^3.1.1",
		"karma-mocha": "^2.0.1",
		"karma-mocha-reporter": "^2.2.5",
		"lint-staged": "^11.1.2",
		"mocha": "^9.1.1",
		"lint-staged": "^11.1.4",
		"mocha": "^9.1.4",
		"node-es-module-loader": "^0.3.8",
		@@ -103,3 +104,3 @@ "prettier": "^2.4.1",
		"tmp": "^0.2.1",
		"uglify-js": "^2.7.4",
		"uglify-js": "^2.7.5",
		"unminified-webpack-plugin": "^1.1.1",
		@@ -109,17 +110,17 @@ "unreleased": "^0.1.0",
		"webpack": "^2.2.1",
		"webpack-core": "^0.6.8",
		"webpack-core": "^0.6.9",
		"webpack-dev-server": "^2.3.0"
		},
		"dependencies": {
		"auth0-js": "^9.19.0",
		"auth0-js": "^9.20.0",
		"auth0-password-policies": "^1.0.2",
		"blueimp-md5": "^2.19.0",
		"classnames": "^2.3.1",
		"dompurify": "^2.3.7",
		"immutable": "^3.7.3",
		"classnames": "^2.3.2",
		"dompurify": "^2.3.12",
		"immutable": "^3.7.6",
		"jsonp": "^0.2.1",
		"node-fetch": "^2.6.7",
		"password-sheriff": "^1.1.1",
		"prop-types": "^15.8.0",
		"qs": "^6.10.3",
		"prop-types": "^15.8.1",
		"qs": "^6.10.4",
		"react": "^15.6.2",
		@@ -126,0 +127,0 @@ "react-dom": "^15.6.2",

731

README.md

		@@ -1,33 +0,21 @@
		[![NPM version][npm-image]][npm-url]
		[![Build status][circleci-image]][circleci-url]
		[![Dependency Status][david-image]][david-url]
		[![License][license-image]][license-url]
		[![Downloads][downloads-image]][downloads-url]
		[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Flock.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Flock?ref=badge_shield)
		![Auth0's configurable login form for web applications](https://cdn.auth0.com/website/sdks/banners/lock-banner.png)

		# Lock
		![Release](https://img.shields.io/npm/v/auth0-lock)
		![Downloads](https://img.shields.io/npm/dw/auth0-lock)
		[![License](https://img.shields.io/:license-mit-blue.svg?style=flat)](https://opensource.org/licenses/MIT)
		![CircleCI](https://img.shields.io/circleci/build/github/auth0/lock)

		[Auth0](https://auth0.com) is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce.
		## Documentation

		## Table of Contents
		- [Docs Site](https://auth0.com/docs) - explore our Docs site and learn more about Auth0.

		1. [Install](#install)
		2. [Cross Origin Authentication](#cross-origin-authentication)
		3. [API](#api)
		4. [Browser Compatibility](#browser-compatibility)
		5. [Issue Reporting](#issue-reporting)
		6. [Author](#author)
		7. [License](#license)
		## Getting Started
		### Browser Compatibility

		## Install
		We ensure browser compatibility in Chrome, Safari, Firefox and IE >= 10.

		From CDN
		### Installation

		```html
		<!-- Latest patch release (recommended for production) -->
		<script src="https://cdn.auth0.com/js/lock/11.34.2/lock.min.js"></script>
		```
		Using [npm](https://npmjs.org) in your project directory run the following command:

		From [npm](https://npmjs.org)

		```sh
		@@ -37,83 +25,58 @@ npm install auth0-lock

		Then you can import `Auth0Lock` or `Auth0LockPasswordless` like this:
		From CDN

		```js
		import Auth0Lock from 'auth0-lock';
		// OR
		import { Auth0Lock } from 'auth0-lock';
		import { Auth0LockPasswordless } from 'auth0-lock';
		```

		After installing the `auth0-lock` module, you'll need to bundle it up along with all of its dependencies. See examples for [browserify](examples/bundling/browserify/) and [webpack](examples/bundling/webpack/).

		> It is expected that you use the development mode when working on your app, and the production mode when deploying your app to the users.
		> You can find instructions for building your app for production with different module bundlers [here](https://reactjs.org/docs/optimizing-performance.html#use-the-production-build).

		If you are targeting mobile audiences, we recommended that you add:

		```html
		<meta name="viewport" content="width=device-width, initial-scale=1" />
		<!-- Latest patch release (recommended for production) -->
		<script src="https://cdn.auth0.com/js/lock/11.35.0/lock.min.js"></script>
		```

		## Cross-Origin Authentication
		### Configure Auth0

		Lock uses Cross-Origin Authentication, make sure you understand the considerations you need to take into account by reading the [Cross-Origin Authentication documentation](https://auth0.com/docs/cross-origin-authentication).
		Create a Single Page Application in the [Auth0 Dashboard](https://manage.auth0.com/#/applications).

		## API
		> If you're using an existing application, verify that you have configured the following settings in your Single Page Application:
		>
		> - Click on the "Settings" tab of your application's page.
		> - Ensure that "Token Endpoint Authentication Method" under "Application Properties" is set to "None"
		> - Scroll down and click on the "Show Advanced Settings" link.
		> - Under "Advanced Settings", click on the "OAuth" tab.
		> - Ensure that "JsonWebToken Signature Algorithm" is set to `RS256` and that "OIDC Conformant" is enabled.
		Next, configure the following URLs for your application under the "Application URIs" section of the "Settings" page:

		### new Auth0Lock(clientID, domain, options)
		- Allowed Callback URLs: `http://localhost:3000`
		- Allowed Logout URLs: `http://localhost:3000`
		- Allowed Web Origins: `http://localhost:3000`

		Initializes a new instance of `Auth0Lock` configured with your application `clientID` and your account's `domain` at [Auth0](https://manage.auth0.com/). You can find this information in your [application settings](https://manage.auth0.com/#/applications).
		> These URLs should reflect the origins that your application is running on. Allowed Callback URLs may also include a path, depending on where you're handling the callback (see below).
		Take note of the Client ID and Domain values under the "Basic Information" section. You'll need these values in the next step.

		- clientId {String}: Your application _clientId_ in Auth0.
		- domain {String}: Your Auth0 _domain_. Usually _your-account.auth0.com_.
		- options {Object}: Allows you to customize the dialog's appearance and behavior. See [below](#customization) for the details.
		### Configure the SDK

		#### Example
		Create either an `Auth0Lock` or `Auth0LockPasswordless` instance.

		```js
		var clientId = 'YOUR_AUTH0_APP_CLIENTID';
		var domain = 'YOUR_DOMAIN_AT.auth0.com';
		var lock = new Auth0Lock(clientId, domain);
		var accessToken = null;
		var profile = null;
		#### Auth0Lock

		lock.on('authenticated', function (authResult) {
		lock.getUserInfo(authResult.accessToken, function (error, profileResult) {
		if (error) {
		// Handle error
		return;
		}
		````js
		import { Auth0Lock } from 'auth0-lock';

		accessToken = authResult.accessToken;
		profile = profileResult;
		const lock = new Auth0Lock('{YOUR_AUTH0_CLIENT_ID}', '{YOUR_AUTH0_DOMAIN}');
		````

		// Update DOM
		});
		});
		```
		#### Auth0LockPasswordless

		### new Auth0LockPasswordless(clientID, domain, options)
		````js
		import { Auth0LockPasswordless } from 'auth0-lock';

		Initializes a new instance of `Auth0LockPasswordless` configured with your application `clientID` and your account's `domain` at [Auth0](https://manage.auth0.com/). You can find this information in your [application settings](https://manage.auth0.com/#/applications).
		const lock = new Auth0LockPasswordless('{YOUR_AUTH0_CLIENT_ID}', '{YOUR_AUTH0_DOMAIN}');
		````

		- clientId {String}: Your application _clientId_ in Auth0.
		- domain {String}: Your Auth0 _domain_. Usually _your-account.auth0.com_.
		- options {Object}: Allows you to customize the dialog's appearance and behavior. See [below](#customization) for the details.
		### Logging In

		If both SMS and email passwordless connections are enabled [in the dashboard](https://manage.auth0.com/#/connections/passwordless), Lock will pick email by default. If you want to conditionally pick email or SMS, use the [`allowedConnections`](#ui-options) option, for example: `allowedConnections: ['sms']`.
		You can then configure a listener for the `authenticated` event to retrieve an access token and call `show` to display the Lock widget.

		If using an [additional passwordless connection](#additional-passwordless-connections) that has been created through the Management API, you must specify the connection in `allowedConnections` and also enable the `useCustomPasswordlessConnection` flag in the options.
		```html
		<button id="login">Click to Login</button>
		```

		For more information, read our [passwordless docs](https://auth0.com/docs/connections/passwordless).

		#### Example

		```js
		var clientId = 'YOUR_AUTH0_APP_CLIENTID';
		var domain = 'YOUR_DOMAIN_AT.auth0.com';
		var lock = new Auth0LockPasswordless(clientId, domain);
		var accessToken = null;
		var profile = null;

		````js
		lock.on('authenticated', function (authResult) {
		@@ -132,582 +95,44 @@ lock.getUserInfo(authResult.accessToken, function (error, profileResult) {
		});
		```

		### getUserInfo(accessToken, callback)
		document.getElementById('login').addEventListener('click', () => {
		lock.show()
		});.
		````

		Once the user has logged in and you are in possession of an access token, you can obtain the profile with `getUserInfo`.
		For other comprehensive examples and documentation on the configuration options, see the [EXAMPLES.md](https://github.com/auth0/lock/blob/master/EXAMPLES.md) document.

		- accessToken {String}: User access token.
		- callback {Function}: Will be invoked after the user profile has been retrieved.
		## Feedback

		#### Example
		### Contributing

		```js
		lock.getUserInfo(accessToken, function (error, profile) {
		if (!error) {
		alert('hello ' + profile.name);
		}
		});
		```
		We appreciate feedback and contribution to this repo! Before you get started, please see the following:

		### on(event, callback)
		- [Auth0's general contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
		- [Auth0's code of conduct guidelines](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
		- [This repo's contribution guide](https://github.com/auth0/lock/blob/master/DEVELOPMENT.md)

		Lock will emit events during its lifecycle.
		### Raise an issue

		- `show`: emitted when Lock is shown. Has no arguments.
		- `hide`: emitted when Lock is hidden. Has no arguments.
		- `unrecoverable_error`: emitted when there is an unrecoverable error, for instance when no connection is available. Has the error as the only argument.
		- `authenticated`: emitted after a successful authentication. Has the authentication result as the only argument.
		- `authorization_error`: emitted when authorization fails. Has the error as the only argument.
		- `hash_parsed`: every time a new Auth0Lock object is initialized in redirect mode (the default), it will attempt to parse the hash part of the URL looking for the result of a login attempt. This is a _low-level_ event for advanced use cases and _authenticated_ and _authorization_error_ should be preferred when possible. After that, this event will be emitted with `null` if it couldn't find anything in the hash. It will be emitted with the same argument as the `authenticated` event after a successful login or with the same argument as `authorization_error` if something went wrong. This event won't be emitted in popup mode because there is no need to parse the URL's hash part.
		- `forgot_password ready`: emitted when the "Forgot password" screen is shown.
		- `forgot_password submit`: emitted when the user clicks on the submit button of the "Forgot password" screen.
		- `signin submit`: emitted when the user clicks on the submit button of the "Login" screen.
		- `signup submit`: emitted when the user clicks on the submit button of the "Sign up" screen.
		- `signup success`: emitted when the user successfully signs up.
		- `signup error`: emitted when signup fails. Has the error as an argument.
		- `federated login`: emitted when the user clicks on a social connection button. Has the connection name and the strategy as arguments.
		- `sso login`: emitted when the user clicks on an enterprise SSO connection button. Has the lock ID, connection object, and field name as arguments.
		- `ssodata fetched`: emitted when the SSOData endpoint was called, usually as a result of an internal `checkSession` call. Has the error and the SSOData object as arguments.
		:warning: Note: We are no longer supporting requests for new features. Only requests for bug fixes or security patches will be considered.

		### show(options)
		To provide feedback or report a bug, please [raise an issue on our issue tracker](https://github.com/auth0/lock/issues).

		Displays the widget, allowing you to override some options.
		### Vulnerability Reporting

		- options {Object}: Allows you to customize some aspect of the dialog's appearance and behavior. The options allowed in here are a subset of the options allowed in the constructor and will override them: `allowedConnections`, `auth.params`, `allowLogin`, `allowSignUp`, `allowForgotPassword`, `initialScreen`, `rememberLastLogin`, `flashMessage` and `languageDictionary`. See [below](#customization) for the details. Keep in mind that `auth.params` will be fully replaced and not merged.
		Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.

		#### Example
		## What is Auth0?

		```js
		// without options
		lock.show();

		// will override the allowedConnections option passed to the constructor, if any
		lock.show({ allowedConnections: ['twitter', 'facebook'] });

		// will override the entire auth.params object passed to the constructor, if any
		lock.show({ auth: { params: { state: 'auth_state' } } });
		```

		### resumeAuth(hash, callback)

		If you set the [auth.autoParseHash](#authentication-options) option to `false`, you'll need to call this method to complete the authentication flow. This method is useful when you're using a client-side router that uses a `#` to handle URLs (angular2 with `useHash` or react-router with `hashHistory`).

		- hash {String}: The hash fragment received from the redirect.
		- callback {Function}: Will be invoked after the parse is done. Has an error (if any) as the first argument and the authentication result as the second one. If there is no hash available, both arguments will be `null`.

		#### Example

		```js
		lock.resumeAuth(hash, function (error, authResult) {
		if (error) {
		alert('Could not parse hash');
		}
		console.log(authResult.accessToken);
		});
		```

		### logout(options)

		Logs out the user.

		- options {Object}: This is optional and follows the same rules as [this](https://auth0.com/docs/libraries/auth0js#logout).

		#### Example

		```js
		lock.logout({ returnTo: 'https://myapp.com/bye-bye' });
		```

		### checkSession(params, callback)

		The checkSession method allows you to acquire a new token from Auth0 for a user who is already authenticated against the universal login page for your domain. The method accepts any valid OAuth2 parameters that would normally be sent to authorize. In order to use this method, you have to enable Web Origins for your application. For more information, see [Using checkSession to acquire new tokens](https://auth0.com/docs/libraries/auth0js#using-checksession-to-acquire-new-tokens).

		- params {Object}: OAuth2 params object to send to Auth0's servers.
		- callback {Function}: Will be invoked after the response from the server is returned. Has an error (if any) as the first argument and the authentication result as the second one.

		#### Example

		```js
		lock.checkSession({}, function (error, authResult) {
		if (error \|\| !authResult) {
		lock.show();
		} else {
		// user has an active session, so we can use the accessToken directly.
		lock.getUserInfo(authResult.accessToken, function (error, profile) {
		console.log(error, profile);
		});
		}
		});
		```

		### Customization

		The appearance of the widget and the mechanics of authentication can be customized with an `options` object which has one or more of the following properties. Each method that opens the dialog can take an `options` object as its first argument.

		#### UI options

		- allowedConnections {Array}: List of connection that will be available to perform the authentication. It defaults to all enabled connections.
		- autoclose {Boolean}: Determines whether or not the Lock will be closed automatically after a successful sign in. If the Lock is not `closable` it won't be closed even if this option is set to `true`. Defaults to `false`.
		- autofocus {Boolean}: Determines whether or not the first input on the screen, that is the email or phone number input, should have focus when the Lock is displayed. Defaults to `false` when a `container` option is provided or the Lock is being rendered on a mobile device. Otherwise, it defaults to `true`.
		- avatar {Object}: Determines whether or not an avatar and a username should be displayed on the Lock's header once an email or username has been entered and how to obtain it. By default avatars are fetched from [Gravatar](https://gravatar.com/). Supplying `null` will disable the functionality. To fetch avatar from other provider see [below](#avatar-provider).
		- container {String}: The `id` of the HTML element where the Lock will be rendered. This makes the Lock appear inline instead of in a modal window.
		- language {String}: Specifies the language of the widget. Defaults to `"en"`. Supported languages are:
		- `de`: German
		- `en`: English
		- `es`: Spanish
		- `it`: Italian
		- `nb`: Norwegian bokmål
		- `pt-BR`: Brazilian Portuguese
		- `ru`: Russian
		- `zh`: Chinese
		- `ja`: Japanese
		- [Check all the available languages](https://github.com/auth0/lock/tree/master/src/i18n)
		- languageDictionary {Object}: Allows you to customize every piece of text displayed in the Lock. Defaults to `{}`. See below [Language Dictionary Specification](#language-dictionary-specification) for the details.
		- closable {Boolean}: Determines whether or not the Lock can be closed. When a `container` option is provided its value is always `false`, otherwise it defaults to `true`.
		- popupOptions {Object}: Allows you to customize the location of the popup in the screen. Any [position and size feature](https://developer.mozilla.org/en-US/docs/Web/API/Window/open#Position_and_size_features) allowed by `window.open` is accepted. Defaults to `{}`.
		- rememberLastLogin {Boolean}: Determines whether or not to show a screen that allows you to quickly log in with the account you used the last time when the `initialScreen` option is set to `"login"` (the default). Defaults to `true`.
		- flashMessage {Object}: Shows an `error` or `success` flash message when Lock is shown.
		- type {String}: The message type, it should be `error` or `success`.
		- text {String}: The text to show.
		- allowAutocomplete {Boolean}: Determines whether or not the email or username inputs will allow autocomplete (`<input autocomplete />`). Defaults to `false`.
		- scrollGlobalMessagesIntoView {Boolean}: Determines whether or not a globalMessage should be scrolled into the user's viewport. Defaults to `true`.
		- allowShowPassword {Boolean}: Determines whether or not add a checkbox to show the password when typing it. Defaults to `false`.
		- allowPasswordAutocomplete {Boolean}: Determines whether the password field will allow autocomplete; setting this to `true` is required for password manager support and to avoid many cases of adverse behavior. Defaults to `false`.
		- preferConnectionDisplayName {Boolean}: If true, Lock will try to use the connection display name as configured in the manage dashboard, if available.
		- forceAutoHeight {Boolean}: If true, Lock will use the `height: auto!important` style on the wrapping div, which may be useful in some circumstances where `height: 100vh` is undesirable (see [\#1963](https://github.com/auth0/lock/issues/1963)). Defaults to `false`.

		#### Theming options

		Theme options are grouped in the `theme` property of the `options` object.

		```js
		var options = {
		theme: {
		labeledSubmitButton: false,
		logo: 'https://example.com/assets/logo.png',
		primaryColor: 'green',
		authButtons: {
		connectionName: {
		displayName: '...',
		primaryColor: '...',
		foregroundColor: '...',
		icon: 'https://.../logo.png'
		}
		}
		}
		};
		```

		- labeledSubmitButton {Boolean}: Indicates whether or not the submit button should have a label. Defaults to `true`. When set to `false` an icon will be shown. The labels can be customized through the `languageDictionary`.
		- logo {String}: Url for an image that will be placed in the Lock's header. Defaults to Auth0's logo.
		- primaryColor {String}: Defines the primary color of the Lock, all colors used in the widget will be calculated from it. This option is useful when providing a custom `logo` to ensure all colors go well together with the logo's color palette. Defaults to `"#ea5323"`.
		- authButtons {Object}: Allows the customization of the custom oauth2 login buttons.
		- displayName {String}: The name to show instead of the connection name.
		- primaryColor {String}: The button's background color. Defaults to `"#eb5424"`.
		- foregroundColor {String}: The button's text color. Defaults to `"#FFFFFF"`.
		- icon {String}: The icon's url for the connection. For example:`"https://site.com/logo.png"`.

		#### Authentication options

		Authentication options are grouped in the `auth` property of the `options` object. The default scope used by Lock is `openid profile email`.

		```js
		var options = {
		auth: {
		params: {
		param1: 'value1',
		scope: 'openid profile email'
		},
		autoParseHash: true,
		redirect: true,
		redirectUrl: 'some url',
		responseMode: 'form_post',
		responseType: 'token',
		sso: true,
		connectionScopes: {
		connectionName: ['scope1', 'scope2']
		}
		}
		};
		```

		- params {Object}: Specifies extra parameters that will be sent when starting a login. Defaults to `{}`.
		- autoParseHash {Boolean}: When set to `true`, Lock will parse the `window.location.hash` string when instantiated. If set to `false`, you'll have to manually resume authentication using the [resumeAuth](#resumeauthhash-callback) method.
		- redirect {Boolean}: When set to `true`, the default, _redirect mode_ will be used. Otherwise, _popup mode_ is chosen. See [below](#popup-mode) for more details.
		- redirectUrl {String}: The URL Auth0 will redirect back to after authentication. Defaults to the empty string `""` (no redirect URL).
		- responseMode {String}: Should be set to `"form_post"` if you want the code or the token to be transmitted via an HTTP POST request to the `redirectUrl` instead of being included in its query or fragment parts. Otherwise, it should be omitted.
		- responseType {String}: Should be set to `"token"` for Single Page Applications, and `"code"` otherwise. Also, `"id_token"` is supported for the first case. Defaults to `"code"` when `redirectUrl` is provided, and to `"token"` otherwise.
		- sso {Boolean}: Determines whether Single Sign-On is enabled or not in Lock. The Auth0 SSO session will be created regardless of this option if SSO is enabled for your application or tenant.
		- connectionScopes {Object}: Allows you to set scopes to be sent to the oauth2/social/enterprise connection for authentication.

		#### Database options

		- additionalSignUpFields {Array}: Allows you to provide extra input fields during sign up. See [below](#additional-sign-up-fields) more for details. Defaults to `[]`.
		- allowLogin {Boolean}: When set to `false` the widget won't display the _login screen_. This is useful if you want to use the widget just for signups (the _login and sign up tabs_ in the _sign up screen_ will be hidden) or to reset passwords (the _back button_ in the _forgot password screen_ will be hidden). In such cases you may also need to specify the `initialScreen`, `allowForgotPassword` and `allowSignUp` options. It defaults to `true`.
		- allowForgotPassword {Boolean}: When set to `false` hides the _"Don't remember your password?"_ link in the _login screen_, making the _forgot password screen_ unreachable. Defaults to `true`. Keep in mind that if you are using a database connection with a _custom database_ which doesn't have a _change password script_ the forgot password screen won't be available.
		- allowSignUp {Boolean}: When set to `false` hides the _login and sign up tabs_ in the _login screen_, making the _sign up screen_ unreachable. Defaults to `true`. Keep in mind that if the database connection has sign ups _disabled_ or you are using a _custom database_ which doesn't have a _create script_, then the sign up screen won't be available.
		- defaultDatabaseConnection {String}: Specifies the database connection that will be used when there is more than one available.
		- initialScreen {String}: Name of the screen that will be shown when the widget is opened. Valid values are `"login"`, `"signUp"`, and `"forgotPassword"`. If this option is left unspecified, the widget will pick the first screen that is available from the previous list. If you set `initialScreen` to `"forgotPassword"` we recommend that you set `allowLogin` to `"false"`, otherwise a back button will be shown in the forgot password screen and it might not be clear to the user where that back button will take them.
		- loginAfterSignUp {Boolean}: Determines whether or not the user will be automatically signed in after a successful sign up. Defaults to `true`.
		- forgotPasswordLink {String}: URL for a page that allows the user to reset her password. When set to a non-empty string, the user will be linked to the provided URL when clicking the _"Don't remember your password?"_ link in the _login screen_.
		- showTerms {Boolean}: When set to `true` displays the `languageDictionary.signUpTerms` string. Defaults to `true`.
		- mustAcceptTerms {Boolean}: When set to `true` displays a checkbox input along with the terms and conditions that must be checked before signing up. The terms and conditions can be specified via the `languageDictionary` option, see the example below. Defaults to `false`.
		- prefill {Object}: Allows you to set the initial value for the _email_ and/or _username_ inputs, e.g. `{prefill: {email: "someone@auth0.com", username: "someone"}}`. When omitted no initial value will be provided.
		- signUpLink {String}: URL for a page that allows the user to sign up. When set to a non-empty string, the user will be linked to the provided URL when clicking the _sign up_ tab in the _login screen_.
		- usernameStyle {String}: Determines what will be used to identify the user for a Database connection that has the `requires_username` flag set, otherwise it will be ignored. Possible values are `"username"` and `"email"` and by default both `username` and `email` are allowed.
		- signUpHideUsernameField {Boolean}: When set to `true` hides the _username_ input during sign up for a Database connection that has the `requires_username` flag set. Defaults to `false`.
		- signUpFieldsStrictValidation {Boolean}: When set to `true`, the _email_ input on the sign-up page is validated using [`validator`](https://www.npmjs.com/package/validator). Otherwise, a very loose check is made on the format before being fully validate on the server. Defaults to `false`.

		#### Enterprise options

		- defaultEnterpriseConnection {String}: Specifies the enterprise connection which allows you to log in using a username and a password that will be used when there is more than one available or there is a database connection. If a `defaultDatabaseConnection` is provided the database connection will be used and this option will be ignored.

		#### Example

		```js
		var options = {
		container: 'myContainer',
		closable: false,
		languageDictionary: {
		signUpTerms:
		"I agree to the <a href='/terms' target='_new'>terms of service</a> and <a href='/privacy' target='_new'>privacy policy</a>.",
		title: 'My Company'
		},
		autofocus: false
		};
		```

		#### Passwordless options

		- passwordlessMethod {String}: When using `Auth0LockPasswordless` with an email connection, you can use this option to pick between sending a [code](https://auth0.com/docs/connections/passwordless/spa-email-code) or a [magic link](https://auth0.com/docs/connections/passwordless/spa-email-link) to authenticate the user. Available values for email connections are `code` and `link`. Defaults to `code`. SMS passwordless connections will always use `code`.
		- useCustomPasswordlessConnection {Boolean}: Enables the use of a custom passwordless connection (see below).

		#### Additional passwordless connections

		By default, only two passwordless connections are available: `email` and `sms`. However, it is possible to create additional passwordless connections that employ the `email` or `sms` strategy through the Management API. To use these connections in Lock, you must:

		1. Specify the custom connection in the `allowedConnections` option, and
		2. Enable the `useCustomPasswordlessConnection` flag in the options

		Users logging in using this connection should then be associated with the correct passwordless connection and this can be verified in [the logs](https://manage.auth0.com/#/logs).

		Note: If you specify more than one connection in `allowedConnections`, the first one will always be used.

		#### Hooks

		Lock supports hooks that can be used to integrate into various procedures within Lock.

		\| Name \| Description \|
		\| ----------- \| -------------------------------------------------------------------------------------------------------------------------------------- \|
		\| `loggingIn` \| Called when the user presses the login button; after validating the login form, but before calling the login endpoint \|
		\| `signingUp` \| Called when the user presses the button on the sign-up page; after validating the signup form, but before calling the sign up endpoint \|

		API
		Both hooks accept two arguments:

		\| Name \| Description \|
		\| --------- \| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- \|
		\| `context` \| this argument is currently always `null` but serves as a future-proofing mechanism to support providing additional data without us requiring breaking changes to the library \|
		\| `cb` \| a callback function to call when the hook is finished. Execution of the user journey is blocked until this function is called by the hook \|

		API

		Specify your hooks using a new `hooks` configuration item when setting up the library:

		```js
		new Auth0Lock('client ID', 'domain', {
		hooks: {
		loggingIn: function (context, cb) {
		console.log('Hello from the login hook!');
		cb();
		},
		signingUp: function (context, cb) {
		console.log('Hello from the sign-up hook!');
		cb();
		}
		}
		});
		```

		Error handling

		The developer can throw an error to block the login or sign-up process. The developer can either specify a specific object and show the error on the page, or throw a generic error which causes Lock to show a fallback error:

		```js
		new Auth0Lock('client ID', 'domain', {
		hooks: {
		loggingIn: function (context, cb) {
		// Throw an object with code: `hook_error` to display this on the Login screen
		throw { code: 'hook_error', description: 'There was an error in the login hook!' };

		// Throw something generic to show a fallback error message
		throw 'Some error happened';
		}
		}
		});
		```

		Note: The error's `description` field is not sanitized by the SDK and so any content that reflects user input or could otherwise display dangerous HTML should be sanitized by your hook.

		#### Other options

		- configurationBaseUrl {String}: Overrides application settings base URL. By default it uses Auth0's CDN URL when the `domain` has the format `*.auth0.com`. Otherwise, it uses the provided `domain`.
		- languageBaseUrl {String}: Overrides the language source URL for Auth0's provided translations. By default it uses to Auth0's CDN URL `https://cdn.auth0.com`.
		- hashCleanup {Boolean}: When enabled, it will remove the hash part of the callback URL after the user authentication. Defaults to `true`.
		- connectionResolver {Function}: When in use, provides an extensibility point to make it possible to choose which connection to use based on the username information. Has `username`, `context`, and `callback` as parameters. The callback expects an object like: `{type: 'database', name: 'connection name'}`. This only works for database connections. Keep in mind that this resolver will run in the form's `onSubmit` event, so keep it simple and fast. This is a beta feature. If you find a bug, please open a GitHub [issue](https://github.com/auth0/lock/issues/new).
		- legacySameSiteCookie: If `false`, no compatibility cookies will be created for those browsers that do not understand the `SameSite` attribute. Defaults to `true`. Note: this setting only has an effect when running on an HTTPS domain; if HTTP is used, no legacy cookies are created regardless of this setting.

		```js
		var options = {
		connectionResolver: function (username, context, cb) {
		var domain = username.includes('@') && username.split('@')[1];
		if (domain) {
		// If the username is test@auth0.com, the connection used will be the `auth0.com` connection.
		// Make sure you have a database connection with the name `auth0.com`.
		cb({ type: 'database', name: domain });
		} else {
		// Use the default approach to figure it out the connection
		cb(null);
		}
		}
		};
		```

		#### Language Dictionary Specification

		A language dictionary is an object that allows you to customize every piece of text the Lock needs to display. For instance, the following code will change the title displayed in the header and the placeholder for the email field.

		```js
		var options = {
		languageDictionary: {
		emailInputPlaceholder: 'Please enter your email',
		title: 'My Company'
		}
		};
		```

		#### Additional sign up fields

		Extra input fields can be added to the sign up screen with the `additionalSignUpFields` option. Every input must have a `name` and a `placeholder`, and an `icon` URL can also be provided. Also, the initial value can be provided with the `prefill` option, which can be a string with the value or a function that obtains it. Other options depend on the type of the field, which is defined via the `type` option and defaults to `"text"`.

		Additional sign up fields are rendered below the default fields in the order they are provided.

		:warning: Note: From `11.34.2` onwards, all HTML tags are stripped from user input into custom signup fields.

		##### Text field

		A `validator` function can also be provided.

		```js
		var options = {
		additionalSignUpFields: [
		{
		name: 'address',
		placeholder: 'enter your address',
		// The following properties are optional
		ariaLabel: 'Address',
		icon: 'https://example.com/assets/address_icon.png',
		prefill: 'street 123',
		validator: function (address) {
		return {
		valid: address.length >= 10,
		hint: 'Must have 10 or more chars' // optional
		};
		}
		}
		]
		};
		```

		If you don't provide a `validator` function a default validator is applied, which requires the text field to contain some value (be non-empty). You can make a field optional by using a validator that always return `true`:

		```js
		var options = {
		additionalSignUpFields: [
		{
		name: 'address',
		placeholder: 'enter your address (optional)',
		validator: function () {
		return true;
		}
		}
		]
		};
		```

		If you want to save the value of the attribute in the root of your profile, use `storage: 'root'`. Only a subset of values can be stored this way. The list of attributes that can be added to your root profile is [here](https://auth0.com/docs/api/management/v2#!/Users/patch_users_by_id). By default, every additional sign up field is stored inside the `user_metadata` object.

		```js
		var options = {
		additionalSignUpFields: [
		{
		name: 'name',
		storage: 'root'
		}
		]
		};
		```

		##### Select field

		To specify a select field `type: "select"` needs to be provided along with the `options` property.

		```js
		var options = {
		additionalSignUpFields: [
		{
		type: 'select',
		name: 'location',
		placeholder: 'choose your location',
		options: [
		{ value: 'us', label: 'United States' },
		{ value: 'fr', label: 'France' },
		{ value: 'ar', label: 'Argentina' }
		],
		// The following properties are optional
		ariaLabel: 'Location',
		icon: 'https://example.com/assets/location_icon.png',
		prefill: 'us'
		}
		]
		};
		```

		The `options` and the `prefill` value can be provided through a function.

		```js
		var options = {
		additionalSignUpFields: [
		{
		type: 'select',
		name: 'location',
		placeholder: 'choose your location',
		options: function (cb) {
		// obtain options, in case of error you call cb with the error in the
		// first arg instead of null
		cb(null, options);
		},
		ariaLabel: 'Location',
		icon: 'https://example.com/assets/location_icon.png',
		prefill: function (cb) {
		// obtain prefill, in case of error you call cb with the error in the
		// first arg instead of null
		cb(null, prefill);
		}
		}
		]
		};
		```

		##### Checkbox field

		To specify a checkbox field use: `type: "checkbox"`
		The `prefill` value can determine the default state of the checkbox and it is required.

		```js
		var options = {
		additionalSignUpFields: [
		{
		type: 'checkbox',
		name: 'newsletter',
		prefill: 'true',
		placeholder: 'I hereby agree that I want to receive marketing emails from your company',
		// placeholderHTML - is an optional field and overrides the value of placeholder
		// do not use user inputted data for HTML fields as they are vulnerable to XSS
		placeholderHTML:
		'<b>I hereby agree that I want to receive marketing emails from your company</b>',
		// ariaLabel - is an optional field
		ariaLabel: 'Activate Newsletter'
		}
		]
		};
		```

		##### Hidden field

		To specify a hidden field use: `type: "hidden"`. Both the `value` and `name` properties are required.

		```js
		var options = {
		additionalSignUpFields: [
		{
		type: 'hidden',
		name: 'signup_code',
		value: 'foobar123'
		}
		]
		};
		```

		#### Avatar provider

		Lock can show avatars fetched from anywhere. A custom avatar provider can be specified with the `avatar` option by passing an object with the keys `url` and `displayName`. Both properties are functions that take an email and a callback function.

		```js
		var options = {
		avatar: {
		url: function (email, cb) {
		// obtain URL for email, in case of error you call cb with the error in
		// the first arg instead of null
		cb(null, url);
		},
		displayName: function (email, cb) {
		// obtain displayName for email, in case of error you call cb with the
		// error in the first arg instead of null
		cb(null, displayName);
		}
		}
		};
		```

		### Popup mode

		A popup window can be displayed instead of redirecting the user to a social provider website. While this has the advantage of preserving page state, it has some issues. Often times users have popup blockers that prevent the login page from even displaying. There are also known issues with mobile browsers. For example, in recent versions of Chrome on iOS, the login popup does not [close properly](https://github.com/auth0/lock/issues/71) after login. For these reasons, we encourage developers to avoid this mode, even with Single Page Apps.

		If you decide to use popup mode you can activate it by passing the option `auth: {redirect: false}` when constructing `Auth0Lock`.

		```js
		var clientId = 'YOUR_AUTH0_APP_CLIENTID';
		var domain = 'YOUR_DOMAIN_AT.auth0.com';
		var options = {
		auth: {
		redirect: false
		}
		};

		var lock = new Auth0Lock(clientId, domain, options);
		lock.show();
		```

		More information can be found in [Auth0's documentation](https://auth0.com/docs/libraries/lock/v11/authentication-modes#popup-mode).

		## Browser Compatibility

		We ensure browser compatibility in Chrome, Safari, Firefox and IE >= 10. We currently use [zuul](https://github.com/defunctzombie/zuul) along with [Saucelabs](https://saucelabs.com) to run integration tests on each push.

		## Issue Reporting

		If you have found a bug, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.

		:warning: Note: We are no longer supporting requests for new features. Only requests for bug fixes or security patches will be considered.

		## Author

		[Auth0](https://auth0.com)

		## License

		This project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.

		[circleci-image]: https://img.shields.io/circleci/project/github/auth0/lock.svg?style=flat-square
		[circleci-url]: https://circleci.com/gh/auth0/lock/tree/master
		[npm-image]: https://img.shields.io/npm/v/auth0-lock.svg?style=flat-square
		[npm-url]: https://npmjs.org/package/auth0-lock
		[license-image]: https://img.shields.io/npm/l/auth0-lock.svg?style=flat-square
		[license-url]: #license
		[downloads-image]: https://img.shields.io/npm/dm/auth0-lock.svg?style=flat-square
		[downloads-url]: https://npmjs.org/package/auth0-lock
		[david-image]: https://david-dm.org/auth0/lock/status.svg?style=flat-square
		[david-url]: https://david-dm.org/auth0/lock

		[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Flock.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Flock?ref=badge_large)
		<p align="center">
		<picture>
		<source media="(prefers-color-scheme: dark)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_dark_mode.png" width="150">
		<source media="(prefers-color-scheme: light)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150">
		<img alt="Auth0 Logo" src="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150">
		</picture>
		</p>
		<p align="center">
		Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout <a href="https://auth0.com/why-auth0">Why Auth0?</a>
		</p>
		<p align="center">
		This project is licensed under the MIT license. See the <a href="https://github.com/auth0/lock/blob/master/LICENSE"> LICENSE</a> file for more info.
		</p>

.circleci/config.yml

Sorry, the diff of this file is not supported yet

CHANGELOG.md

Sorry, the diff of this file is too big to display

lib/core.js

Sorry, the diff of this file is too big to display

auth0-lock - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics

Dependency changes