search

supertokens / supertokens-auth-react

ReactJS authentication module for SuperTokens
https://supertokens.com
Other
260 stars 81 forks source link

Nested redirects #794

Closed Robert-Steiner closed 4 months ago

Robert-Steiner commented 4 months ago

Hey,

I’m currently working on integrating SuperTokens into a website using the pre-built UI. Every page has a navbar with some links and a sign-in button. The sign-in button redirects the user to the sign-in page via redirectToAuth as described in the docs.

I use the redirectBack option to redirect the user back to the current page post sign in. The problem I'm facing now is that if the user clicks the sign-in button on the sign-in page, the redirectToAuth continues to add the current path to the redirectToPath query string. This can result in a URL like the following: 

https://example.com/login/?redirectToPath=%2Flogin%3FredirectToPath%3D%252Flogin%253FredirectToPath%253D%25252Flogin%25253FredirectToPath%25253D%2525252Flogin%2525253FredirectToPath%2525253D

If the user now signs in, but the user is redirected the sign-in page, which I think can be confusing. Is there a way to prevent this behaviour?

anku255 commented 4 months ago

Hi @Robert-Steiner !

It seems like your issue could easily be fixed by checking the current URL in the SignIn button onClick handler and calling redirectToAuth only if it's not the sign-in page URL.

You may wanna consider removing the SignIn button from the SignIn page entirely, following the approach used by many popular apps like Github and Discord.

I am closing this issue but please reply in case you need further help.

Robert-Steiner commented 4 months ago

Hi @anku255,

Thank you for your help! I followed your first idea and it works fine, but I agree that it might make sense to remove the sign-in button completely.