Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Login popup closes before flow is complete, making login impossible in Chrome extensions #1318

Open
6 tasks done
ashwsn opened this issue Nov 7, 2024 · 0 comments · May be fixed by #1319
Open
6 tasks done

Login popup closes before flow is complete, making login impossible in Chrome extensions #1318

ashwsn opened this issue Nov 7, 2024 · 0 comments · May be fixed by #1319
Labels
bug This points to a verified bug in the code

Comments

@ashwsn
Copy link

ashwsn commented Nov 7, 2024

Checklist

Description

loginWithPopup closes the popup is closed before the token is requested. When used in a Chrome extension, this causes the extension to be closed as well because the browser window regains focus. Closing the extension interrupts the script, so it is shut down without ever requesting the token or saving it to the cache.

Because the token wasn't requested by the extension before being forcibly closed, the cookie is not set and the user is not authenticated when they re-open the extension. This makes it impossible for the user to ever sign in.

I've done some testing and simply delaying the call to config.popup.close() until the very end of loginWithPopup fixes things. The extension still closes upon successful sign in, but once re-opened the user will be authenticated.

I will be opening a PR to fix this shortly. I think the best approach it to allow suppressing the popup.close() call entirely, so devs can manually close it at whatever point in their login flow is an okay point for the extension to be forcibly closed.

Reproduction

  1. Open Chrome extension
  2. Click button that triggers loginWithPopup
  3. Complete login in the popup
  4. Popup & extension both close at the same time
  5. Re-open the extension
  6. Call checkSession
  7. See that user is not authenticated

If you open devtools for the extension prior to calling loginWithPopup, the extension will not close and the login flow will work as expected.

This can be reproduced consistently for me on Chrome 130 on Fedora.

Additional context

This issue has been reported before, without a real solution or understanding of why it was happening:

Regarding Chrome closing the extension when the window regains focus after the popup closes, see this docs page:

There is no way to keep the [extension] popup open after the user has clicked away.

This is arguably a very poor UX choice in the context of popups, but not something we can change so we just have to work around it.

We also can't just use loginWithRedirect, as redirects don't work in an extension.

auth0-spa-js version

2.1.3

Which framework are you using (React, Angular, Vue...)?

Next.js

Framework version

14.2.3

Which browsers have you tested in?

Chrome

@ashwsn ashwsn added the bug This points to a verified bug in the code label Nov 7, 2024
@ashwsn ashwsn linked a pull request Nov 8, 2024 that will close this issue
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug This points to a verified bug in the code
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant