Closed danjunger closed 2 years ago
Hi @danjunger - thanks for raising this
withAuthenticationProvider
needs to handle errors that a user can recover from by logging in again (login_required, consent_required, mfa_required, interaction_required etc)
For errors like configuration errors or errors from the handleRedirectCallback
you need to handle them at the app level, before you start rendering routes that require authentication.
Closing as a Duplicate of https://github.com/auth0/auth0-react/issues/298#issuecomment-961949134
@adamjmcgrath would be great if you can add one example which handle post-login action errors with withAuthenticationRequired
Please do not report security vulnerabilities here. The Responsible Disclosure Program details the procedure for disclosing security issues.
Thank you in advance for helping us to improve this library! Please read through the template below and answer all relevant questions. Your additional work here is greatly appreciated and will help us respond as quickly as possible. For general support or usage questions, use the Auth0 Community or Auth0 Support. Finally, to avoid duplicates, please search existing Issues before submitting one here.
By submitting an Issue to this repository, you agree to the terms within the Auth0 Code of Conduct.
Describe the problem
Any time an error occurs within an Auth0 rule, an application which uses the
withAuthenticationRequired
higher order component to guard the app will be sent into an infinite loop of checking if the user is authenticated, finding that the user is not authenticated, and then callingloginWithRedirect
again which starts the loop over again.The code for this behavior is here:
[loginWithRedirect](https://github.com/auth0/auth0-react/blob/master/src/with-authentication-required.tsx#L97-L111)
This code has an opportunity to handle this error, but currently does not consider any error that could be returned from the call to
useAuth0
.What was the expected behavior?
I would like to see:
useAuth0
and display or throw the error instead of just callingloginWithRedirect
again.Reproduction
withAuthenticationRequired
loginWithRedirect
loopCan the behavior be reproduced using the React SDK Playground?
If so, provide steps:
Environment
auth0-react
used: 1.10.1 (still present in master of of now)