Add cookieDomain option (#1304)

Co-authored-by: frederikprijck <[email protected]>
auth0 · May 24, 2023 · 2128c8d · 2128c8d
1 parent 50de71b
commit 2128c8d
Show file tree

Hide file tree

Showing 11 changed files with 105 additions and 53 deletions.
diff --git a/dist/auth0.js b/dist/auth0.js
@@ -1,7 +1,7 @@
 /**
  * auth0-js v9.20.2
  * Author: Auth0
- * Date: 2023-02-28
+ * Date: 2023-05-24
  * License: MIT
  */
 
@@ -5552,8 +5552,12 @@
 	};
 
 	CookieStorage.prototype.removeItem = function (key) {
-	  js_cookie.remove(key);
-	  js_cookie.remove(buildCompatCookieKey(key));
+	  var params = {};
+	  if (this._options.cookieDomain) {
+	    params.domain = this._options.cookieDomain;
+	  }
+	  js_cookie.remove(key, params);
+	  js_cookie.remove(buildCompatCookieKey(key), params);
 	};
 
 	CookieStorage.prototype.setItem = function (key, value, options) {
@@ -5575,6 +5579,10 @@
 	    }
 	  }
 
+	  if (this._options.cookieDomain) {
+	    params.domain = this._options.cookieDomain;
+	  }
+
 	  js_cookie.set(key, value, params);
 	};
 
@@ -7825,6 +7833,7 @@
 	 * @param {String} [options.invitation] the ID of an invitation to accept. This is available from the user invitation URL that is given when participating in a user invitation flow
 	 * @param {Array} [options.plugins]
 	 * @param {Boolean} [options.legacySameSiteCookie] set this to `false` to disable the legacy compatibility cookie that is created for older browsers that don't support the SameSite attribute (defaults to `true`)
+	 * @param {String} [options.cookieDomain]  The domain the cookie is accessible from. If not set, the cookie is scoped to the current domain, including the subdomain. To keep a user logged in across multiple subdomains set this to your top-level domain and prefixed with a `.` (eg: `.example.com`).
 	 * @param {Number} [options._timesToRetryFailedRequests] Number of times to retry a failed request, according to {@link https://github.com/visionmedia/superagent/blob/master/lib/request-base.js}
 	 * @see {@link https://auth0.com/docs/api/authentication}
 	 */
@@ -8183,10 +8192,10 @@
 	            return callback(
 	              error.invalidToken(
 	                'Organization Id (org_id) claim value mismatch in the ID token; expected "' +
-	                  transactionOrganization +
-	                  '", found "' +
-	                  payload.org_id +
-	                  '"'
+	                transactionOrganization +
+	                '", found "' +
+	                payload.org_id +
+	                '"'
 	              )
 	            );
 	          }
@@ -9301,6 +9310,7 @@
 	 * @param {String} [options.responseMode] how the Auth response is encoded and redirected back to the client. Supported values are `query`, `fragment` and `form_post`. {@link https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes}
 	 * @param {String} [options.scope] scopes to be requested during Auth. e.g. `openid email`
 	 * @param {String} [options.audience] identifier of the resource server who will consume the access token issued after Auth
+	 * @param {String} [options.cookieDomain]  The domain the cookie is accessible from. If not set, the cookie is scoped to the current domain, including the subdomain. To keep a user logged in across multiple subdomains set this to your top-level domain and prefixed with a `.` (eg: `.example.com`).
 	 * @see {@link https://auth0.com/docs/api/authentication}
 	 */
 	function Authentication(auth0, options) {
@@ -9368,7 +9378,7 @@
 
 	  this.baseOptions.rootUrl =
 	    this.baseOptions.domain &&
-	    this.baseOptions.domain.toLowerCase().indexOf('http') === 0
+	      this.baseOptions.domain.toLowerCase().indexOf('http') === 0
 	      ? this.baseOptions.domain
 	      : 'https://' + this.baseOptions.domain;
 
@@ -9403,7 +9413,7 @@
 	 * @see {@link https://auth0.com/docs/api/authentication#social}
 	 * @memberof Authentication.prototype
 	 */
-	Authentication.prototype.buildAuthorizeUrl = function(options) {
+	Authentication.prototype.buildAuthorizeUrl = function (options) {
 	  var params;
 	  var qString;
 
@@ -9441,7 +9451,7 @@
 	      nonce: {
 	        type: 'string',
 	        message: 'nonce option is required',
-	        condition: function(o) {
+	        condition: function (o) {
 	          return (
 	            o.responseType.indexOf('code') === -1 &&
 	            o.responseType.indexOf('id_token') !== -1
@@ -9502,7 +9512,7 @@
 	 * @see {@link https://auth0.com/docs/api/authentication#logout}
 	 * @memberof Authentication.prototype
 	 */
-	Authentication.prototype.buildLogoutUrl = function(options) {
+	Authentication.prototype.buildLogoutUrl = function (options) {
 	  var params;
 	  var qString;
 
@@ -9572,7 +9582,7 @@
 	 * @see Requires [`password` grant]{@link https://auth0.com/docs/api-auth/grant/password}. For more information, read {@link https://auth0.com/docs/clients/client-grant-types}.
 	 * @memberof Authentication.prototype
 	 */
-	Authentication.prototype.loginWithDefaultDirectory = function(options, cb) {
+	Authentication.prototype.loginWithDefaultDirectory = function (options, cb) {
 	  assert.check(
 	    options,
 	    { type: 'object', message: 'options parameter is not valid' },
@@ -9611,7 +9621,7 @@
 	 * @see Requires [`http://auth0.com/oauth/grant-type/password-realm` grant]{@link https://auth0.com/docs/api-auth/grant/password#realm-support}. For more information, read {@link https://auth0.com/docs/clients/client-grant-types}.
 	 * @memberof Authentication.prototype
 	 */
-	Authentication.prototype.login = function(options, cb) {
+	Authentication.prototype.login = function (options, cb) {
 	  assert.check(
 	    options,
 	    { type: 'object', message: 'options parameter is not valid' },
@@ -9643,7 +9653,7 @@
 	 * @method oauthToken
 	 * @private
 	 */
-	Authentication.prototype.oauthToken = function(options, cb) {
+	Authentication.prototype.oauthToken = function (options, cb) {
 	  var url;
 	  var body;
 
@@ -9704,7 +9714,7 @@
 	 * @param {tokenCallback} cb function called with the result of the request
 	 * @memberof Authentication.prototype
 	 */
-	Authentication.prototype.loginWithResourceOwner = function(options, cb) {
+	Authentication.prototype.loginWithResourceOwner = function (options, cb) {
 	  var url;
 	  var body;
 
@@ -9748,7 +9758,7 @@
 	 * @param {Function} cb
 	 * @memberof Authentication.prototype
 	 */
-	Authentication.prototype.getSSOData = function(withActiveDirectories, cb) {
+	Authentication.prototype.getSSOData = function (withActiveDirectories, cb) {
 	  /* istanbul ignore if  */
 	  if (!this.auth0) {
 	    this.auth0 = new WebAuth(this.baseOptions);
@@ -9772,7 +9782,7 @@
 	      connection: ssodataInformation.lastUsedConnection,
 	      timeout: 5000
 	    },
-	    function(err, result) {
+	    function (err, result) {
 	      if (err) {
 	        if (err.error === 'login_required') {
 	          return cb(null, { sso: false });
@@ -9820,7 +9830,7 @@
 	 * @see   {@link https://auth0.com/docs/api/authentication#get-user-info}
 	 * @memberof Authentication.prototype
 	 */
-	Authentication.prototype.userInfo = function(accessToken, cb) {
+	Authentication.prototype.userInfo = function (accessToken, cb) {
 	  var url;
 
 	  assert.check(accessToken, {
@@ -9845,7 +9855,7 @@
 	 * @param {callback} cb
 	 * @memberof Authentication.prototype
 	 */
-	Authentication.prototype.getChallenge = function(cb) {
+	Authentication.prototype.getChallenge = function (cb) {
 	  assert.check(cb, { type: 'function', message: 'cb parameter is not valid' });
 
 	  if (!this.baseOptions.state) {
@@ -9884,7 +9894,7 @@
 	 * @see Requires [http://auth0.com/oauth/grant-type/password-realm]{@link https://auth0.com/docs/api-auth/grant/password#realm-support}. For more information, read {@link https://auth0.com/docs/clients/client-grant-types}.
 	 * @memberof Authentication.prototype
 	 */
-	Authentication.prototype.delegation = function(options, cb) {
+	Authentication.prototype.delegation = function (options, cb) {
 	  var url;
 	  var body;
 
@@ -9917,7 +9927,7 @@
 	 * @param {Function} cb
 	 * @memberof Authentication.prototype
 	 */
-	Authentication.prototype.getUserCountry = function(cb) {
+	Authentication.prototype.getUserCountry = function (cb) {
 	  var url;
 
 	  assert.check(cb, { type: 'function', message: 'cb parameter is not valid' });

diff --git a/dist/auth0.min.esm.js b/dist/auth0.min.esm.js
diff --git a/dist/auth0.min.esm.js.map b/dist/auth0.min.esm.js.map
diff --git a/dist/auth0.min.js b/dist/auth0.min.js
diff --git a/dist/auth0.min.js.map b/dist/auth0.min.js.map
diff --git a/dist/cordova-auth0-plugin.js b/dist/cordova-auth0-plugin.js
@@ -1,7 +1,7 @@
 /**
  * auth0-js v9.20.2
  * Author: Auth0
- * Date: 2023-02-28
+ * Date: 2023-05-24
  * License: MIT
  */
 

diff --git a/dist/cordova-auth0-plugin.min.js b/dist/cordova-auth0-plugin.min.js
diff --git a/src/authentication/index.js b/src/authentication/index.js
@@ -24,6 +24,7 @@ import DBConnection from './db-connection';
  * @param {String} [options.responseMode] how the Auth response is encoded and redirected back to the client. Supported values are `query`, `fragment` and `form_post`. {@link https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes}
  * @param {String} [options.scope] scopes to be requested during Auth. e.g. `openid email`
  * @param {String} [options.audience] identifier of the resource server who will consume the access token issued after Auth
+ * @param {String} [options.cookieDomain]  The domain the cookie is accessible from. If not set, the cookie is scoped to the current domain, including the subdomain. To keep a user logged in across multiple subdomains set this to your top-level domain and prefixed with a `.` (eg: `.example.com`).
  * @see {@link https://auth0.com/docs/api/authentication}
  */
 function Authentication(auth0, options) {
@@ -91,7 +92,7 @@ function Authentication(auth0, options) {
 
   this.baseOptions.rootUrl =
     this.baseOptions.domain &&
-    this.baseOptions.domain.toLowerCase().indexOf('http') === 0
+      this.baseOptions.domain.toLowerCase().indexOf('http') === 0
       ? this.baseOptions.domain
       : 'https://' + this.baseOptions.domain;
 
@@ -126,7 +127,7 @@ function Authentication(auth0, options) {
  * @see {@link https://auth0.com/docs/api/authentication#social}
  * @memberof Authentication.prototype
  */
-Authentication.prototype.buildAuthorizeUrl = function(options) {
+Authentication.prototype.buildAuthorizeUrl = function (options) {
   var params;
   var qString;
 
@@ -164,7 +165,7 @@ Authentication.prototype.buildAuthorizeUrl = function(options) {
       nonce: {
         type: 'string',
         message: 'nonce option is required',
-        condition: function(o) {
+        condition: function (o) {
           return (
             o.responseType.indexOf('code') === -1 &&
             o.responseType.indexOf('id_token') !== -1
@@ -225,7 +226,7 @@ Authentication.prototype.buildAuthorizeUrl = function(options) {
  * @see {@link https://auth0.com/docs/api/authentication#logout}
  * @memberof Authentication.prototype
  */
-Authentication.prototype.buildLogoutUrl = function(options) {
+Authentication.prototype.buildLogoutUrl = function (options) {
   var params;
   var qString;
 
@@ -295,7 +296,7 @@ Authentication.prototype.buildLogoutUrl = function(options) {
  * @see Requires [`password` grant]{@link https://auth0.com/docs/api-auth/grant/password}. For more information, read {@link https://auth0.com/docs/clients/client-grant-types}.
  * @memberof Authentication.prototype
  */
-Authentication.prototype.loginWithDefaultDirectory = function(options, cb) {
+Authentication.prototype.loginWithDefaultDirectory = function (options, cb) {
   assert.check(
     options,
     { type: 'object', message: 'options parameter is not valid' },
@@ -334,7 +335,7 @@ Authentication.prototype.loginWithDefaultDirectory = function(options, cb) {
  * @see Requires [`http://auth0.com/oauth/grant-type/password-realm` grant]{@link https://auth0.com/docs/api-auth/grant/password#realm-support}. For more information, read {@link https://auth0.com/docs/clients/client-grant-types}.
  * @memberof Authentication.prototype
  */
-Authentication.prototype.login = function(options, cb) {
+Authentication.prototype.login = function (options, cb) {
   assert.check(
     options,
     { type: 'object', message: 'options parameter is not valid' },
@@ -366,7 +367,7 @@ Authentication.prototype.login = function(options, cb) {
  * @method oauthToken
  * @private
  */
-Authentication.prototype.oauthToken = function(options, cb) {
+Authentication.prototype.oauthToken = function (options, cb) {
   var url;
   var body;
 
@@ -427,7 +428,7 @@ Authentication.prototype.oauthToken = function(options, cb) {
  * @param {tokenCallback} cb function called with the result of the request
  * @memberof Authentication.prototype
  */
-Authentication.prototype.loginWithResourceOwner = function(options, cb) {
+Authentication.prototype.loginWithResourceOwner = function (options, cb) {
   var url;
   var body;
 
@@ -471,7 +472,7 @@ Authentication.prototype.loginWithResourceOwner = function(options, cb) {
  * @param {Function} cb
  * @memberof Authentication.prototype
  */
-Authentication.prototype.getSSOData = function(withActiveDirectories, cb) {
+Authentication.prototype.getSSOData = function (withActiveDirectories, cb) {
   /* istanbul ignore if  */
   if (!this.auth0) {
     this.auth0 = new WebAuth(this.baseOptions);
@@ -495,7 +496,7 @@ Authentication.prototype.getSSOData = function(withActiveDirectories, cb) {
       connection: ssodataInformation.lastUsedConnection,
       timeout: 5000
     },
-    function(err, result) {
+    function (err, result) {
       if (err) {
         if (err.error === 'login_required') {
           return cb(null, { sso: false });
@@ -543,7 +544,7 @@ Authentication.prototype.getSSOData = function(withActiveDirectories, cb) {
  * @see   {@link https://auth0.com/docs/api/authentication#get-user-info}
  * @memberof Authentication.prototype
  */
-Authentication.prototype.userInfo = function(accessToken, cb) {
+Authentication.prototype.userInfo = function (accessToken, cb) {
   var url;
 
   assert.check(accessToken, {
@@ -568,7 +569,7 @@ Authentication.prototype.userInfo = function(accessToken, cb) {
  * @param {callback} cb
  * @memberof Authentication.prototype
  */
-Authentication.prototype.getChallenge = function(cb) {
+Authentication.prototype.getChallenge = function (cb) {
   assert.check(cb, { type: 'function', message: 'cb parameter is not valid' });
 
   if (!this.baseOptions.state) {
@@ -607,7 +608,7 @@ Authentication.prototype.getChallenge = function(cb) {
  * @see Requires [http://auth0.com/oauth/grant-type/password-realm]{@link https://auth0.com/docs/api-auth/grant/password#realm-support}. For more information, read {@link https://auth0.com/docs/clients/client-grant-types}.
  * @memberof Authentication.prototype
  */
-Authentication.prototype.delegation = function(options, cb) {
+Authentication.prototype.delegation = function (options, cb) {
   var url;
   var body;
 
@@ -640,7 +641,7 @@ Authentication.prototype.delegation = function(options, cb) {
  * @param {Function} cb
  * @memberof Authentication.prototype
  */
-Authentication.prototype.getUserCountry = function(cb) {
+Authentication.prototype.getUserCountry = function (cb) {
   var url;
 
   assert.check(cb, { type: 'function', message: 'cb parameter is not valid' });

diff --git a/src/helper/storage/cookie.js b/src/helper/storage/cookie.js
@@ -17,8 +17,12 @@ CookieStorage.prototype.getItem = function (key) {
 };
 
 CookieStorage.prototype.removeItem = function (key) {
-  Cookie.remove(key);
-  Cookie.remove(buildCompatCookieKey(key));
+  var params = {};
+  if (this._options.cookieDomain) {
+    params.domain = this._options.cookieDomain;
+  }
+  Cookie.remove(key, params);
+  Cookie.remove(buildCompatCookieKey(key), params);
 };
 
 CookieStorage.prototype.setItem = function (key, value, options) {
@@ -40,6 +44,10 @@ CookieStorage.prototype.setItem = function (key, value, options) {
     }
   }
 
+  if (this._options.cookieDomain) {
+    params.domain = this._options.cookieDomain;
+  }
+
   Cookie.set(key, value, params);
 };
 

diff --git a/src/web-auth/index.js b/src/web-auth/index.js
@@ -40,6 +40,7 @@ function defaultClock() {
  * @param {String} [options.invitation] the ID of an invitation to accept. This is available from the user invitation URL that is given when participating in a user invitation flow
  * @param {Array} [options.plugins]
  * @param {Boolean} [options.legacySameSiteCookie] set this to `false` to disable the legacy compatibility cookie that is created for older browsers that don't support the SameSite attribute (defaults to `true`)
+ * @param {String} [options.cookieDomain]  The domain the cookie is accessible from. If not set, the cookie is scoped to the current domain, including the subdomain. To keep a user logged in across multiple subdomains set this to your top-level domain and prefixed with a `.` (eg: `.example.com`).
  * @param {Number} [options._timesToRetryFailedRequests] Number of times to retry a failed request, according to {@link https://github.com/visionmedia/superagent/blob/master/lib/request-base.js}
  * @see {@link https://auth0.com/docs/api/authentication}
  */
@@ -398,10 +399,10 @@ WebAuth.prototype.validateAuthenticationResponse = function (
             return callback(
               error.invalidToken(
                 'Organization Id (org_id) claim value mismatch in the ID token; expected "' +
-                  transactionOrganization +
-                  '", found "' +
-                  payload.org_id +
-                  '"'
+                transactionOrganization +
+                '", found "' +
+                payload.org_id +
+                '"'
               )
             );
           }