(AUTH-4026)
Samples from the p2 branch are using outdated versions of auth0-lock and auth0.js

Required increase of leeway parameter value in all seeds projects.
Current value leeway: 30
Value with which it works leeway: 60

This causes the following error when trying to log in:

When trying to renew the token, the call to the authorization API fails with a 400 error code.

(AUTH-3836)
When I've tried to log in using 01-Login-Sample, I've received this warning:

04-Authorization and 03-Calling-an-API Projects sample has not the express-jwt-authz dependency.

Please update README.md for Seed Starter

You can read a quickstart guide for this sample here.

No link exist. Thanks.

The projects 01-Login, 02-User-Profile, 03-Calling-an-API, 04-Authorization has not the parameter leeway in the webAuth instantiation.
File app.js

This causes the following error when trying to log in:

Information displayed in the browser console:

04-Authorization and 03-Calling-an-API sample projects are using outdated dependencies of the libraries:
"express": "^4.14.0" -> latest version: 4.15.3
"express-jwt": "^5.1.0" -> latest version: 5.3.0

(AUTH-3838)
02-Custom-Login-Form passes redirect_to: 'http://localhost:3000' to webauth.logout, but correct usage for redirect is returnTo: 'http://localhost:3000'. Also Readme.md need to have instruction to include http://localhost:3000 to Allowed Logout URLs section.

For the sake of correctness and to avoid confusion, remove the ng-click attribute from the sign in button.

(AUTH-3837)
Same issue as auth0-samples/auth0-angularjs-samples#4, after I've registered new user, received error invalid_token.

But in logs everything is fine.

I noticed that in the app.js, the custom-login requires a callbackURL: 'http://YOUR_APP/callback'.
Is this the same with the AUTH0_CALLBACK_URL found in the auth0-variable.js?

• If yes, why not use the callbackURL in the auth0-variable.js?
• If not, please include in the README file that they have to include a callbackURL in the app.js - callbackURL: 'http://YOUR_APP/callback'. Then maybe give a note or purpose for adding the callbackURL.

Also, the link in the "You can read a quickstart guide for this sample here" is also broken. Please update.

I have created an issue the other day which can be added in this README.md too. You can include "adding the callbackURL in the app.js" in the important setup section, too.

Thanks :)

There's a typo in the Authorization sample page (the correct way is: from the variable)

• https://auth0.com/docs/quickstart/spa/jquery/04-authorization#handle-scopes

Why is the access_token stored in local storage?

Thought this is not secure?

function setSession(authResult) {
// Set the time that the access token will expire at
var expiresAt = JSON.stringify(
authResult.expiresIn * 1000 + new Date().getTime()
);
localStorage.setItem('access_token', authResult.accessToken);
localStorage.setItem('id_token', authResult.idToken);
localStorage.setItem('expires_at', expiresAt);
}

Before Running the Example Section.

Important Setup:

1. Include your AUTH0_CLIENT_ID and AUTH0_DOMAIN in your auth0-variables.js. These can be found in the Application Setting of your dashboard.
2. Go to the Application Setting and include http://localhost:3000 in the following fields:

• Allowed Callback URLs
• Allowed Origins (CORS)

This will prevent the following errors:

1. Callback URLS - Callback URL mismatch.
   The url "http://localhost:3000/" is not in the list of allowed callback URLs: .
2. CORS - [Error] XMLHttpRequest cannot load https://yourappname.auth0.com/user/ssodata. Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin.

Where to find the Application setting:

1. Go to: Client
2. Choose the App that you are using and click the Settings Icon in line with it. You will find all the details about your app.

Adding this info in the README.md will prevents potential errors or questions from future Auth0 clients.

Thanks. :)

Required increase of leeway parameter value in all seeds projects.
Current value leeway: 30
Value with which it works leeway: 60

This causes the following error when trying to log in:

Seeds projects are using an oudated version of the dependency auth0-js
Latest auth0-js version 8.8.0

In the JQuery quickstart, the validation of credentials to show some options and the message indicating that you're already logged in only considerates the "expires_at" field.

I was able to manually generate and set this time on the browser's local storage, then I was able to access the options for a logged in user:

(AUTH-4057)
Samples using outdated auth0.js and serve versions. (02-User-Profile uses outdated auth0.js version and 03-Calling-an-API uses outdated auth0.js and serve versions)

Seeds projects are using outdated dependency
Latest auth0-js version 8.9.2