Social login popup window security

[seppemans]

In an attempt to figure out why clicking the Social Login button did not show anything, I noticed that the popup window created by Auth0.js defaults to the BrowserWindow options of the parent window.

In my case, the parent window had the 'show' property set to false, and therefore the Social popup never showed up.

It's probably a good idea to set a few popupOptions on Auth0Lock to avoid this issue and other potential harmful situations. In particular, Electron's security documentation strongly recommends disabling nodeIntegration and enabling contextIsolation when you receive code from a remote destination.