Thanks @carlaustabile, do you have any details around the TEST objects, and what to manipulate to simulate different test scenarios, such as SAMLP or ADFS for example (what specific properties should be modified to simulate correctly). This Test object is quite large. Any documentation or training would be helpful if there is any. Also, where can you pick up the idToken after running the TEST feature, to see if any claims you've added are present?
Off the video question - Can we validate the access token using token introspection url for single page app that do not have client secret? If yes, how
Hello! Thanks for watching! SPAs, like any public client, are not supposed to inspect access tokens. The intended recipient of an access token (audience) is the API, and only the API is authorized to inspect them
Never mind, I found the answer: QT: Also, async / await is set up by default, so you do not need to use callbacks.:UNQT. You can see it in this blog on the Auth0 site: Introducing Auth0 Actions (scroll down about 45% of the page).
Thanks @carlaustabile, do you have any details around the TEST objects, and what to manipulate to simulate different test scenarios, such as SAMLP or ADFS for example (what specific properties should be modified to simulate correctly). This Test object is quite large.
Any documentation or training would be helpful if there is any.
Also, where can you pick up the idToken after running the TEST feature, to see if any claims you've added are present?
Thumbs up, but it would be useful to know whey we no longer need callbacks. Thanks in advance.
if I want to redirect user goes to mfa selecting page after reset password, how should I do it ?
How to resolve this and can you please add runnable code in repo which you showed in Demo as well
Hi! You can find all the code in the original blog post: auth0.com/blog/migrating-auth0-rules-to-auth0-actions/
Off the video question -
Can we validate the access token using token introspection url for single page app that do not have client secret?
If yes, how
Hello! Thanks for watching! SPAs, like any public client, are not supposed to inspect access tokens.
The intended recipient of an access token (audience) is the API, and only the API is authorized to inspect them
@@carlaustabile
In that case, how do we inspect them with the API, assuming, of course, we are the API owner?
Never mind, I found the answer: QT: Also, async / await is set up by default, so you do not need to use callbacks.:UNQT.
You can see it in this blog on the Auth0 site: Introducing Auth0 Actions (scroll down about 45% of the page).