Setting "code" query parameter breaks auth0 state #75
Comments
|
Hi @asktree - am not sure how this library should work when there are multiple oauth providers on the same page, let me investigate and get back to you |
|
We have similar issue with LInkedIn authorization. when client provide us access to their linkedIn profile inside our app. Can we stick auth0 |
|
Hi @asktree did you manage your situation somehow? |
|
I have a branch (https://github.com/auth0/auth0-react/compare/skip-redirect-callback) where I've added the config option <Auth0Provider
domain={domain}
clientId={clientId}
redirectUri={`${window.location.origin}/auth0-callback`}
skipRedirectCallback={window.location.pathname !== '/auth0-callback'}>Can you try it out and let me know if it meets your needs? |
adamjmcgrath
added
question
|
@adamjmcgrath This previous merged address an issue is currently happening in my application. Is there a timeline for the next package update? |
|
Hey @martinrojas - I am waiting on an upstream dependency before I do another release - should be 1 week - 2 max |
|
Hey @martinrojas - this is released as |
|
@adamjmcgrath Thank you |
|
@adamjmcgrath did you forget to include the |
|
Hi @dutsik - the PR i merged was #107 which just mitigates the issue by requiring the I didn't hear any feedback about the https://github.com/auth0/auth0-react/compare/skip-redirect-callback branch - so I didn't action it. If you're looking for some more help around that, you can reopen this issue. Could you also share a minimal test case app, because I'd like to investigate some other solutions in addition to the |
|
Hi @adamjmcgrath, in our case we want to add OAuth-flow from LinkedIn which also uses Adding |
|
@svenadlung Auth0 supports using LinkedIn as a social connection, is there any reason you cannot use that over implementing it directly? As this library is specifically designed to work with Auth0, it's difficult for us to consider spending effort to support other options. We just need to be careful about adding new properties like this, as they become much harder to remove later if they're not truly necessary. As @adamjmcgrath says, he has some other options he'd like to explore as well. |
|
@stevehobbsdev Good idea! But we don't use social logins though. We need to connect a LinkedIn account as a team setting to publish articles to LinkedIn. It's not related to the login flow :( |
|
Was running into this issue when using stripes oauth work flow for connected accounts and the |
|
Hi @kcarra
Yep - that's the plan, do you have any feedback on it? |
|
@adamjmcgrath no specific feedback from me, it has solved my issues with the stripe oauth workflow so I'm very happy with your changes! |
|
thx for this thread! |
If you're logged in to my site, and then add "?code=blah" to the href, auth0 now thinks I'm not logged in. I realize this has something to do with the oauth redirect flow, but the problem is that I need to use that query parameter (stripe uses it for their oauth flow: https://stripe.com/docs/connect/collect-then-transfer-guide).
Proposed change: if
codeparam fails to change the auth0 state, auth0-react should fall back on whatever it would have the state be if that code were excluded (instead of just saying there's no user).The text was updated successfully, but these errors were encountered: