- Changes for new Lock passwordless

- Set oidcConformant in Lock samples

Author: aaguiarz

articles/_includes/_lock-sdk.html

@@ -23,6 +23,7 @@
       <pre class="hljs html"><code>&lt;script src=&quot;${lock_url}&quot;&gt;&lt;/script&gt;
 &lt;script&gt;
   var lock = new Auth0Lock('${account.clientId}', '${account.namespace}', {
+    oidcConformant: true,      // Forces an OIDC comformant flow    
     auth: {
       redirectUrl: '${account.callback}',
       responseType: 'code',
@@ -42,58 +43,77 @@
 &lt;script&gt;
   var lock = new Auth0Lock('${account.clientId}', '${account.namespace}', {
     container: 'root',
+    oidcConformant: true,                    // Forces an OIDC comformant flow
     auth: {
-      redirectUrl: '${account.callback}',
+      redirectUrl: '${account.callback}',    // If not specified, defaults to the current page 
       responseType: 'code',
       params: {
-        scope: 'openid email' // Learn about scopes: https://auth0.com/docs/scopes
+        scope: 'openid email'                // Learn about scopes: https://auth0.com/docs/scopes
       }
     }
   });
   lock.show();
 &lt;/script&gt;</code></pre>
     </div>
     <div id="passwordless-sms" class="tab-pane">
-      <pre class="hljs html"><code>&lt;script src=&quot;https://cdn.auth0.com/js/lock-passwordless-2.2.min.js&quot;&gt;&lt;/script&gt;
+      <pre class="hljs html"><code>&lt;script src=&quot;${lock_url}&quot;&gt;&lt;/script&gt;
 &lt;script&gt;
-  var lock = new Auth0LockPasswordless('${account.clientId}', '${account.namespace}');
-  function open() {
-    lock.sms({
-      callbackURL: '${account.callback}',
-      authParams: {
-        scope: 'openid email' // Learn about scopes: https://auth0.com/docs/scopes
+  var lock = new Auth0LockPasswordless('${account.clientId}', '${account.namespace}', {
+        oidcConformant: true,                    // Forces an OIDC comformant flow
+        allowedConnections: ['sms'],             // Should match the SMS connection name  
+        auth: {
+          redirectUrl: '${account.callback}',    // If not specified, defaults to the current page 
+          params: {
+            scope: 'openid email'                // Learn about scopes: https://auth0.com/docs/scopes
+          }          
+        }
       }
-    });
-  }
+  );
+
+  function open() {
+    lock.show();
+  };
+
 &lt;/script&gt;
 &lt;button onclick=&quot;window.open();&quot;&gt;SMS&lt;/button&gt;</code></pre>
     </div>
     <div id="passwordless-magiclink" class="tab-pane">
-      <pre class="hljs html"><code>&lt;script src=&quot;https://cdn.auth0.com/js/lock-passwordless-2.2.min.js&quot;&gt;&lt;/script&gt;
+      <pre class="hljs html"><code>&lt;script src=&quot;${lock_url}&quot;&gt;&lt;/script&gt;
 &lt;script&gt;
-  var lock = new Auth0LockPasswordless('${account.clientId}', '${account.namespace}');
+  var lock = new Auth0LockPasswordless('${account.clientId}', '${account.namespace}', {
+    oidcConformant: true,                    // Forces an OIDC comformant flow
+    passwordlessMethod: "link",              // Sets Lock to use magic link
+    auth: {
+      redirectUrl: '${account.callback}',    // If not specified, defaults to the current page 
+      params: {
+        scope: 'openid email'                // Learn about scopes: https://auth0.com/docs/scopes
+      }          
+    }
+  });
+
   function open() {
-    lock.magiclink({
-      callbackURL: '${account.callback}',
-      authParams: {
-        scope: 'openid email' // Learn about scopes: https://auth0.com/docs/scopes
-      }
-    });
-  }
+    lock.show();
+   }
 &lt;/script&gt;
 &lt;button onclick=&quot;window.open();&quot;&gt;Magic Link&lt;/button&gt;</code></pre>
     </div>
     <div id="passwordless-emailcode" class="tab-pane">
       <pre class="hljs html"><code>&lt;script src=&quot;https://cdn.auth0.com/js/lock-passwordless-2.2.min.js&quot;&gt;&lt;/script&gt;
 &lt;script&gt;
-  var lock = new Auth0LockPasswordless('${account.clientId}', '${account.namespace}');
+  var lock = new Auth0LockPasswordless('${account.clientId}', '${account.namespace}', {
+    oidcConformant: true,                    // Forces an OIDC comformant flow
+    allowedConnections: ['email'],           // Should match the Email connection name, it defaults to 'email'     
+    passwordlessMethod: 'code',              // If not specified, defaults to 'code'
+    auth: {
+      redirectUrl: '${account.callback}',    // If not specified, defaults to the current page 
+      params: {
+        scope: 'openid email'                // Learn about scopes: https://auth0.com/docs/scopes
+      }          
+    }
+  });
+
   function open() {
-    lock.emailcode({
-      callbackURL: '${account.callback}',
-      authParams: {
-        scope: 'openid email'  // Learn about scopes: https://auth0.com/docs/scopes
-      }
-    });
+    lock.show();
   }
 &lt;/script&gt;
 &lt;button onclick=&quot;window.open();&quot;&gt;Email Code&lt;/button&gt;</code></pre>

articles/api-auth/dynamic-client-registration.md

@@ -122,6 +122,7 @@ Sample script:
   }
 
   var lock = new Auth0Lock(config.clientID, config.auth0Domain, {
+    oidcConformant: true,
     auth: {
       redirectUrl: config.callbackURL,
       responseType: config.callbackOnLocationHash ? 'token' : 'code',

articles/api-auth/intro.md

@@ -179,7 +179,9 @@ At the moment there is no OIDC-compliant mechanism to obtain third-party API tok
 
 ### Passwordless
 
-Our new implementation does not support passwordless authentication. We are currently evaluating this feature and our approach. We plan on supporting this in future releases.
+Our new implementation only supports an [OIDC-conformant](/api-auth/tutorials/adoption) passwordless authentication mechanism using the Auth0-hosted login page.
+
+We plan on implementing OIDC-conformant passwordless authentication mechanism for embedded login scenarios in future releases.
 
 ### Other Authentication API endpoints
 

articles/api-auth/passwordless.md

@@ -16,6 +16,6 @@ Without passwords, your application will not need to implement a password-reset
 
 ## OIDC Conformant Passwordless
 
-Auth0 currently supports [OIDC-conformant](/api-auth/tutorials/adoption) passwordless authentication using centralized login (with the Auth0 [hosted login page](/hosted-pages/login)).
+Auth0 currently only supports an [OIDC-conformant](/api-auth/tutorials/adoption) passwordless authentication mechanism using the Auth0-hosted login page.
 
-Customers can use the Lock (Passwordless) template in the [Dashboard](${manage_url}) under **Hosted Pages > Default Templates**, or customize it to fit specific requirements.
+We plan on implementing OIDC-conformant passwordless authentication mechanism for embedded login scenarios in future releases.

articles/api-auth/tutorials/adoption/_index.md

@@ -10,5 +10,5 @@
   - [Client Credentials exchange](/api-auth/tutorials/adoption/client-credentials) (only available in new pipeline)
 * [Refresh tokens](/api-auth/tutorials/adoption/refresh-tokens)
 * [Delegation (deprecated)](/api-auth/tutorials/adoption/delegation)
-* [Passwordless authentication](/api-auth/passwordless)
+* [Passwordless authentication for Embedded Login (unsupported)](/api-auth/passwordless)
 * [List of breaking changes for OIDC-conformant clients](/api-auth/tutorials/adoption/oidc-conformant)

articles/api-auth/tutorials/adoption/oidc-conformant.md

@@ -26,7 +26,7 @@ Enabling this flag on a client will have the following effects:
 * [Refresh tokens must be used at the token endpoint]() instead of /delegation.
 * The `device` parameter, originally used to obtain refresh tokens, is now considered invalid.
 * The legacy [resource owner endpoint](/api/authentication#database-ad-ldap-active-) is disabled.
-    - Passwordless authentication is implemented at this endpoint, so it will be disabled as well.
+    - Passwordless authentication for embedded login is implemented at this endpoint, so it will be disabled as well. 
       Support for OIDC-conformant passwordless authentication will be added in future releases.
 * The [/oauth/access_token endpoint](/api/authentication#post-oauth-access_token), used for social authentication from native mobile applications, is disabled.
   An OIDC-conformant alternative will be added in future releases.

articles/api/authentication/_passwordless.md

@@ -153,7 +153,7 @@ curl --request POST \
   });
 
   // Verify code sent via email
-  webAuth.passwordlessVerify({
+  webAuth.passwordlessLogin({
       connection: 'email',
       email: 'USER_EMAIL',
       verificationCode: 'VERIFICATION_CODE_SENT'
@@ -163,7 +163,7 @@ curl --request POST \
   );
 
   // Verify code sent within link using email
-  webAuth.passwordlessVerify({
+  webAuth.passwordlessLogin({
       connection: 'email',
       email: 'USER_EMAIL',
       verificationCode: 'VERIFICATION_CODE_SENT_WITHIN_LINK'
@@ -173,7 +173,7 @@ curl --request POST \
   );
 
   // Verify code sent via SMS
-  webAuth.passwordlessVerify({
+  webAuth.passwordlessLogin({
       connection: 'sms',
       phoneNumber: 'USER_PHONE_NUMBER',
       verificationCode: 'VERIFICATION_CODE_SENT'

articles/connections/passwordless/_init-passwordless-lock.md

@@ -1,3 +1,3 @@
 Auth0 Lock Passwordless is a professional-looking dialog that allows users to log in after receiving a one-time password via email or text message.
 
-After installing [Lock Passwordless](https://github.com/auth0/lock-passwordless), you must initialize it with your `Client Id` and `domain`. You can find this information on your [application settings](${manage_url}/#/applications/${account.clientId}/settings) page.
+After installing [Lock](https://github.com/auth0/lock), you must initialize it with your `Client Id` and `domain`. You can find this information on your [application settings](${manage_url}/#/applications/${account.clientId}/settings) page.

articles/connections/passwordless/_introduction.md

@@ -1,13 +1,13 @@
 Passwordless connections in Auth0 allow users to login without the need to remember a password. 
 
-This improves the user experience, especially on mobile applications, since users will only need an <% if (withFingerprint) { %> email address, phone number or fingerprint <% } else { %> email address or phone number <% } %> to register for your application.
+This improves the user experience, especially on mobile applications, since users will only need an email address or phone number to register for your application.
 
 Without passwords, your application will not need to implement a password-reset procedure and users avoid the insecure practice of using the same password for many purposes.
 
 In addition, the credential used for authentication is automatically validated since the user just entered it at sign-up.
 
 ## Configuration
 
-These connections use an authentication channel like <% if (withFingerprint) { %> SMS, e-mail or Touch ID <% } else { %> SMS or e-mail <% } %>. Each of these channels can be configured in the dashboard under [Connections > Passwordless](${manage_url}/#/connections/passwordless).
+These connections use an authentication channel like SMS or e-mail. Each of these channels can be configured in the dashboard under [Connections > Passwordless](${manage_url}/#/connections/passwordless).
 
 ![](/media/articles/connections/passwordless/passwordless-connections.png)

articles/connections/passwordless/_using-lock-ios-email.md

@@ -44,6 +44,4 @@ After the passwordless login process begins, ask the user for the one-time code.
 
 <%= include('./_introduction-email-magic-link') %>
 
-The next version of the iOS library will support magic links through iOS 9 Universal Links. When a user clicks a magic link they have received on their device, the link will automatically open your application (instead of opening in the browser) and sign in the user.
-
 Lastly, once the user is authenticated, your app will be able to access the user profile and tokens returned by Auth0.