auth0 / auth0-spa-js

Auth0 authentication for Single Page Applications (SPA) with PKCE
MIT License

using option `leeway` breaks login page #188

Closed evertbouw closed 5 years ago

evertbouw commented 5 years ago

I tried adding leeway as described in https://github.com/auth0/auth0-spa-js/issues/153.

However, this will break the login page. Cannot post /login on the url https://~.~.auth0.com/login?state=~&client=~&protocol=oauth2&redirect_uri=~/callback&audience=~&scope=~&leeway=600&response_type=code&response_mode=query&nonce=~&code_challenge=&code_challenge_method=S256&auth0Client=~

It does work when I only add this option on the /callback path:

```ts
leeway: window.location.pathname.includes("/callback") ? 600 : undefined,
```

luisrudge commented 5 years ago

Where are you using the leeway param?

evertbouw commented 5 years ago

I put it in the auth config

```ts
const authConfig: Auth0ClientOptions = {
    domain: "",
    client_id: "",
    redirect_uri: `${window.location.origin}/callback`,
    audience: "",
    scope: "",
    leeway: window.location.pathname.startsWith("/callback") ? 600 : undefined,
};

createAuth0Client(authConfig)
```

luisrudge commented 5 years ago

@evertbouw I tried it locally and didn't hit any errors (with both the Classic and New Universal Login Experience), but we need to remove this param anyway, so I opened a PR to fix this 🎉
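
The separation this thread ends on, as an added example that is not code from the thread or from auth0-spa-js: `leeway` is kept out of the authorization request and applied only when the ID token's time claims are checked in the browser. It assumes `leeway` is a clock-skew tolerance in seconds; `CLIENT_ONLY`, `buildAuthorizeUrl`, `checkTokenTimes`, the 60-second default and all sample values are hypothetical.

```javascript
// Added example, not auth0-spa-js source. Names and values are constructed.
// Options that configure the client itself and must never reach the server.
const CLIENT_ONLY = new Set(["domain", "leeway"]);

// Build the /authorize URL, forwarding only real request parameters.
function buildAuthorizeUrl(config, extra) {
  const url = new URL(`https://${config.domain}/authorize`);
  for (const [key, value] of Object.entries({ ...config, ...extra })) {
    if (CLIENT_ONLY.has(key)) continue;                   // stays in the browser
    if (value === undefined || value === null) continue;  // never send "undefined"
    url.searchParams.set(key, String(value));
  }
  return url;
}

// Apply leeway (seconds of tolerated clock skew) to the token's time claims.
function checkTokenTimes(claims, leewaySeconds = 60,
                         nowSeconds = Math.floor(Date.now() / 1000)) {
  if (!Number.isFinite(leewaySeconds) || leewaySeconds < 0) {
    throw new RangeError("leeway must be a non-negative number of seconds");
  }
  if (typeof claims.exp !== "number") return { ok: false, reason: "exp missing" };
  if (nowSeconds > claims.exp + leewaySeconds) {
    return { ok: false, reason: "expired" };
  }
  if (typeof claims.nbf === "number" && nowSeconds < claims.nbf - leewaySeconds) {
    return { ok: false, reason: "not yet valid" };
  }
  return { ok: true };
}

// Constructed configuration in the shape used in the thread.
const sampleConfig = {
  domain: "tenant.example.com",
  client_id: "abc123",
  redirect_uri: "https://app.example.com/callback",
  audience: undefined,
  scope: "openid profile",
  leeway: 600,
};
const sampleUrl = buildAuthorizeUrl(sampleConfig, {
  response_type: "code",
  code_challenge_method: "S256",
});
console.log(sampleUrl.toString()); // no leeway= and no audience= in the query
```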