Merge branch 'master' of github.com:auth0/docs

Author: rickyrauch

docs/includes/callapi.md

@@ -7,7 +7,7 @@ You have two options: (a) use the same client id and secret for both your applic
 
 ### <i class="icon icon-html5" style="margin-right: 10px;font-size: 25px;"></i> Single Page Applications / HTML5 JavaScript Front End
 
-The `JWT` is available on the location hash of the browser as the `id_token` parameter. You probably want to store it in local/session storage or a cookie `auth0.getProfile(window.location.hash, ...)`. <a href="singlepageapp-tutorial" target="_new">Read more...</a>
+The `JWT` is available on the location hash of the browser as the `id_token` parameter. You probably want to store it in local/session storage or a cookie `auth0.getProfile(location.hash, ...)`. <a href="singlepageapp-tutorial" target="_new">Read more...</a>
 
 ### <i class="icon icon-mobile-phone" style="margin-right: 10px;font-size: 30px;"></i> Native Mobile Applications
 

docs/instagram-clientid.md

@@ -0,0 +1,21 @@
+# Obtaining a Client ID and Client Secret for Instagram
+
+To configure Instagram OAuth2 connections you will need to register Auth0 with Instagram on their [developer portal](http://developers.instagram.com/).
+
+##1. Log in into the developer portal
+Go to the [developer portal](http://instagram.com/developer), and login with your Instagram credentials. Select __Manage Clients__ and click on __Register a New Client__:
+
+![](img/instagram-devportal-1.png)
+
+---
+
+##2. Complete information about your instance of Auth0
+
+Create a new application and complete the form. Use this URL as your callback:
+
+	https://@@account.namespace@@/login/callback
+
+![](img/instagram-devportal-2.png)
+
+Enter your new `Client ID` and `Client Secret` into the connection settings in Auth0.
+

docs/login-widget2.md

@@ -29,11 +29,14 @@ You can handle the authorization process client-side as follows:
             callbackOnLocationHash: true
         });
 
-        widget.getProfile(window.location.hash, function (err, profile, id_token, access_token, state) {
-            alert('hello ' + profile.name);
-            // use id_token to call your rest api
-        });
-
+        var result = widget.parseHash(location.hash);
+        if (result) {
+            widget.getProfile(location.hash, function (err, profile, id_token, access_token, state) {
+                // use profile to access user properties
+                // use id_token to call your rest api
+            });
+        }
+        
         function showLoginWidget() {
             widget.signin();
         }

docs/rules.md

@@ -39,7 +39,7 @@ A __Rule__ takes the following arguments:
   * `clientName`: the name of the application (as defined on the dashboard).
   * `connection`: the name of the connection used to authenticate the user (e.g.: `twitter` or `some-google-apps-domain`)
   * `connectionStrategy`: the type of connection. For social connection `connectionStrategy` === `connection`. For enterprise connections, the strategy will be `waad` (Windows Azure AD), `ad` (Active Directory/LDAP), `auth0` (database connections), etc.
-  * `protocol`: the authentication protocol. Possible values: `oidc-basic-profile` (most used, web based login), `oidc-implicit-profile` (used on mobile devices and single page apps), `oauth2-resource-owner` (user/password login typically used on database connections), `samlp` (SAML protocol used on SaaS apps), `wsfed` (Ws-Federation used on Microsoft products like Office365), `wstrust-usernamemixed` (Ws-trust user/password login used on CRM and Office365)).
+  * `protocol`: the authentication protocol. Possible values: `oidc-basic-profile` (most used, web based login), `oidc-implicit-profile` (used on mobile devices and single page apps), `oauth2-resource-owner` (user/password login typically used on database connections), `samlp` (SAML protocol used on SaaS apps), `wsfed` (WS-Federation used on Microsoft products like Office365), `wstrust-usernamemixed` (WS-trust user/password login used on CRM and Office365), and `delegation` (when calling the [Delegation endpoint](https://docs.auth0.com/auth-api#delegated)).
   * `request`: an object containing useful information of the request. It has the following properties:
     * `query`: querystring of the login transaction sent by the application
     * `body`: the body of the POST request on login transactions used on `oauth2-resource-owner` or `wstrust-usernamemixed` protocols.

docs/scenarios-mqtt.md

@@ -214,6 +214,9 @@ This shows how easy it is to use Auth0 in various scenarios. Auth0's user store
 
 > Caveats: it is never a good idea to send credentials (`username`/`password`) over unsecured networks. There are other implementations that provide transport level security that would prevent message contents to be revealed. __mosca__ supports TLS as an example. Likely a production deployment would favor this, unless all traffic happens in a closed network.
 
+###Acknowledgements
+Many thanks to [Matteo Collina](http://www.matteocollina.com/) for the review of this article, and for building the awesome __mosca__.
+
 
 
 

public/img/instagram-devportal-1.png

@@ -25,14 +25,15 @@
   });
 
   <% if (callbackOnHash) { %> 
-  // authentication result comes back in `window.location.hash`
-  widget.getProfile(window.location.hash, function (err, profile, id_token, access_token, state) {
-    /* 
-      store the profile and id_token in a cookie or local storage
-        $.cookie('profile', profile);
-        $.cookie('id_token', id_token);
-    */
-  });
+  // authentication result comes back in `location.hash`
+  var result = widget.parseHash(location.hash);
+  if (result) {
+      widget.getProfile(location.hash, function (err, profile, id_token, access_token, state) {
+          // use profile to access user properties
+          // use id_token to call your rest api
+          // store them in local storage/cookie
+      });
+  }
   <% } %>
 
   // sign-in with social provider using a popup (window.open)

public/img/instagram-devportal-2.png

@@ -16,14 +16,15 @@
         callbackURL:    '<%= account.callback %>'
   });<% } %>
   <% if (callbackOnHash) { %> 
-  // authentication result comes back in `window.location.hash`
-  widget.getProfile(window.location.hash, function (err, profile, id_token, access_token, state) {
-    /* 
-      store the profile and id_token in a cookie or local storage
-        $.cookie('profile', profile);
-        $.cookie('id_token', id_token);
-    */
-  });
+  // authentication result comes back in `location.hash`
+  var result = widget.parseHash(location.hash);
+  if (result) {
+      widget.getProfile(location.hash, function (err, profile, id_token, access_token, state) {
+          // use profile to access user properties
+          // use id_token to call your rest api
+          // store them in local storage/cookie
+      });
+  }
   <% } %>
 
   widget.signin({ container: 'root', chrome: true });

sdk2/snippets/custom.html

@@ -13,14 +13,15 @@
     callbackURL:    '<%= account.callback %>'
   });<% } %>
   <% if (callbackOnHash) { %> 
-  // authentication result comes back in `window.location.hash`
-  widget.getProfile(window.location.hash, function (err, profile, id_token, access_token, state) {
-    /* 
-      store the profile and id_token in a cookie or local storage
-        $.cookie('profile', profile);
-        $.cookie('id_token', id_token);
-    */
-  });
+  // authentication result comes back in `location.hash`
+  var result = widget.parseHash(location.hash);
+  if (result) {
+      widget.getProfile(location.hash, function (err, profile, id_token, access_token, state) {
+          // use profile to access user properties
+          // use id_token to call your rest api
+          // store them in local storage/cookie
+      });
+  }
   <% } %>
 </script>
 <button onclick="widget.signin()">Login</button>