googleworkspace / apps-script-oauth2

An OAuth2 library for Google Apps Script.
https://developers.google.com/apps-script/
Apache License 2.0

Auth0: Authentication Session Not Persisting Across Tabs #451

Open tzachbaksis opened 1 year ago

tzachbaksis commented 1 year ago

I have encountered an issue with the OAuth2 library in Google Apps Script, specifically related to the persistence of the authentication session across different tabs or browser instances. When using the provided authentication flow with Auth0, I noticed that after logging in through my Gmail add-on, the authentication session does not persist when opening a new tab or browser instance.

Expected Behavior:

When logging in to the app without the add-on, the authentication session remains active, and opening a new tab or browser instance does not require reauthentication. The same behavior is expected when logging in through the Gmail add-on, where the authentication session should persist across tabs or browser instances.

Observed Behavior:

After logging in through the Gmail add-on, opening a new tab or browser instance prompts me to authenticate again when accessing mywebsite.com. This behavior is inconsistent with the expected behavior observed when logging in without the add-on.

Code sample:

```javascript
// Scopes requested from Auth0.
var scopes = ['openid', 'profile', 'email', 'offline_access'];

// Builds the OAuth2 service; MY_CLIENT_ID and MY_AUDIENCE are defined elsewhere.
function getService() {
  return OAuth2.createService('auth')
    .setAuthorizationBaseUrl('https://{auth0 custom domain}/authorize')
    .setTokenUrl('https://{auth0 custom domain}/oauth/token')
    .setClientId(MY_CLIENT_ID)
    .setScope(scopes.join(' '))
    .setCallbackFunction('authCallback')
    // Per-user cache and property store for the token.
    .setCache(CacheService.getUserCache())
    .setPropertyStore(PropertiesService.getUserProperties())
    // Extra parameters appended to the authorization URL.
    .setParam('audience', MY_AUDIENCE)
    .setParam('response_type', 'code')
    .setParam('response_mode', 'query')
    .setParam('prompt', 'login');
}
```

  1. Is it possible to persist the authentication session across tabs or browser instances when using the OAuth2 library in Google Apps Script with Auth0?
  2. Does achieving session persistence require specific configuration settings within Auth0?
  3. Are Auth0 session cookies utilized to maintain the authentication session across different tabs or browser instances?

Thanks in advance

erickoledadevrel commented 1 year ago

It looks like you are setting the cache and property store correctly:

```javascript
.setCache(CacheService.getUserCache())
.setPropertyStore(PropertiesService.getUserProperties())
```

There may be a small delay between when cache writes are reflected in cache reads, but it should be short enough to not matter. Does waiting a minute before opening the new window change anything?

What code are you using to determine if the user needs to authenticate again? Could it be that there is an error in that logic?
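
One way to write the "does the user need to authenticate again?" check that the reply above asks about, as an added example that is not code from either commenter or from the library's samples. It assumes the `getService()` from the issue's code sample; `describeAuthState` and `logAuthState` are hypothetical names, and the state labels are made up for this example.

```javascript
// Added example: report why the library would (or would not) ask the user
// to authorize again. `service` is the object returned by getService().
function describeAuthState(service) {
  // hasAccess() is true when a stored token is still valid, or when an
  // expired token could be refreshed during this call.
  if (service.hasAccess()) {
    return { state: 'authorized', authorizationUrl: null, error: null };
  }
  // getLastError() is set when a token was found but refreshing it failed;
  // it is empty when there was no usable token to begin with.
  var lastError = service.getLastError();
  return {
    state: lastError ? 'refresh_failed' : 'no_usable_token',
    authorizationUrl: service.getAuthorizationUrl(),
    error: lastError ? String(lastError) : null
  };
}

// Callback named in setCallbackFunction('authCallback'). handleCallback()
// exchanges the code and writes the token to the configured property store.
function authCallback(request) {
  var service = getService();
  var authorized = service.handleCallback(request);
  console.log('after callback: ' + JSON.stringify(describeAuthState(service)));
  return HtmlService.createHtmlOutput(
    authorized ? 'Success! You can close this tab.' : 'Denied. You can close this tab.');
}

// Hypothetical helper: run it from the add-on before deciding to show a
// sign-in prompt, and compare the logged state between tabs or executions.
function logAuthState() {
  var result = describeAuthState(getService());
  console.log('auth state: ' + JSON.stringify(result));
  return result;
}
```
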