Limiting State-Reading URLs/Paths

[dereekb]

Describe the problem you'd like to have solved

I was adding in another OAuth provider yesterday for my project, Nylas, which I was having redirect back to my app with both query parameters state and code. I noticed Auth0/Angular (which I believe uses this plugin) was attempting to use the state and code parameters on routes I wasn't intending for them to be consumed, threw an exception, then redirected back to the front page of the app.

Describe the ideal solution

I'd like to be able to specify the routes that should be matched when attempting to log in. Since when using Auth0 you're limited to pre-defined redirect paths anyways, it seems like it should be ok to limit the paths at which auth0-spa attempts to detect and digest state and code query parameters in the url.

For example:

Limit the path to: /login/authorize
Or specify which routes to not hit: /app/settings/nylas

Alternatives and current work-arounds

Right now I updated it so auth redirects from Nylas first go to the api server, which redirects back to the client with different query parameters. I'd rather not do this because it should go straight back to the app itself.

[frederikprijck]

Thanks for reporting,

I think it is up to the router-aware libraries to decide when it should or should not call handleRedirectCallback. Our SPA JS SDK exposes a method on Auth0Client to handle the callback and process the URL parameters, but it does not decide when it should or should not be called, this is entirly up to the application/library consuming the SPA JS SDK, in this case the Angular SDK.

In case of Angular, this method is responsible for making that decision: https://github.com/auth0/auth0-angular/blob/master/projects/auth0-angular/src/lib/auth.service.ts#L255.

I think @Auth0/Auth0-Angular might need a solution comparable to what we have in React here: auth0/auth0-react#148

Could you open an issue on the @Auth0/Auth0-Angular repository so we can track it accordingly?