Login popup closes before flow is complete, making login impossible in Chrome extensions #1318
Open
6 tasks done
Labels
bug
This points to a verified bug in the code
Checklist
Description
loginWithPopup
closes the popup is closed before the token is requested. When used in a Chrome extension, this causes the extension to be closed as well because the browser window regains focus. Closing the extension interrupts the script, so it is shut down without ever requesting the token or saving it to the cache.Because the token wasn't requested by the extension before being forcibly closed, the cookie is not set and the user is not authenticated when they re-open the extension. This makes it impossible for the user to ever sign in.
I've done some testing and simply delaying the call to
config.popup.close()
until the very end ofloginWithPopup
fixes things. The extension still closes upon successful sign in, but once re-opened the user will be authenticated.I will be opening a PR to fix this shortly. I think the best approach it to allow suppressing the
popup.close()
call entirely, so devs can manually close it at whatever point in their login flow is an okay point for the extension to be forcibly closed.Reproduction
loginWithPopup
checkSession
If you open devtools for the extension prior to calling
loginWithPopup
, the extension will not close and the login flow will work as expected.This can be reproduced consistently for me on Chrome 130 on Fedora.
Additional context
This issue has been reported before, without a real solution or understanding of why it was happening:
Regarding Chrome closing the extension when the window regains focus after the popup closes, see this docs page:
This is arguably a very poor UX choice in the context of popups, but not something we can change so we just have to work around it.
We also can't just use
loginWithRedirect
, as redirects don't work in an extension.auth0-spa-js version
2.1.3
Which framework are you using (React, Angular, Vue...)?
Next.js
Framework version
14.2.3
Which browsers have you tested in?
Chrome
The text was updated successfully, but these errors were encountered: