Login (autologin) behaviour is not consistent across browsers. #140
Comments
|
Hey @augustosamame , I tried reproducing this in Firefox 81 and Chrome 86, but I get the exact same behavior in both browsers. In both cases, the second domain shows the login button while the first domain is logged in (so I see the behavior that you are seeing in both browsers). The reason this is the case is The React SDK Auth0 is not set up to check any cross domain SSO session on load by default.
@adamjmcgrath or @stevehobbsdev would you have more information on whether or not this is expected ? |
|
Yes the issue being reported is unfortunately expected. We make use of a cookie as an optimization to determine whether you might be logged in or not, and only silently login on startup if that cookie is present and its value is set to This logic is checked by |
Yep - The work I'm planning to do to resolve #109 will enable you to use @frederikprijck's suggestion |
|
Thank you for jumping on this. So bottom line, do I need to do additional work on my end to get the desired behaviour? Or do I have to wait until #109 is resolved? I notice it's been open for a couple of months. Any updated ETA on it? I'm working on integrating our project with Auth0 as we speak so I would like some clarity on the best way forward. |
|
Hey @augustosamame - yep, you'd need to wait until #109 is resolved then do I'm planning on raising a PR for #109 this week or next, will close this in favour of #109 |
Describe the problem
Login (autologin) behaviour is not consistent across browsers.
I have setup 2 sister domains, each pointing to the same auth0.com tenant and sharing the same connection.
domain1:
sso1.starsona.com
domain2:
starsonafans.net
They are both running the same (latest) version of the React SDK sample project.
Behaviour in Firefox:
user is logged out in both domains
user clicks on login button in domain1 and gets redirected to auth0 auth url
user signs in
user gets redirected back to domain1
REFRESHING or NAVIGATING to domain 2 with user logged in domain 1 will open the page with user AUTOMATICALLY LOGGED IN in domain 2
This is the expected, correct behaviour and why we're using Auth0 for SSO in the first place.
Behaviour in Chrome (including mobile version) and Safari (including mobile version)
user is logged out in both domains
user clicks on login button in domain1 and gets redirected to auth0 auth url
user signs in
user gets redirected back to domain1
REFRESHING or NAVIGATING to domain 2 with user logged in domain 1 will open the domain2 page with Login button visible (user is NOT AUTOMATICALLY LOGGED IN in domain 2).
Clicking on Login button will login user without having to type in credentials again.
This is unexpected, and confusing to the user. If user is logged in, why is an extra click needed for logged in state to be shown?
What was the expected behavior?
Login should work consistently across browsers
Reproduction
Detail the steps taken to reproduce this error, and whether this issue can be reproduced consistently or if it is intermittent.
Note: If clear, reproducable steps or the smallest sample app demonstrating misbehavior cannot be provided, we may not be able to follow up on this bug report.
We cloned the auth0-react project and have not modified it at all, except for adding the appropriate settings in auth_config.json
{
"domain": "starsona.us.auth0.com",
"clientId": "C7KpWJOGVf5E3UPrUc9LRNmJsaDjgRfw",
"audience": "https://starsona.us.auth0.com/api/v2/"
}
Can the behavior be reproduced using the React SDK Playground?
it's an unmodified copy of the repo.
we have deployed this project to https://starsonafans.net/ and https://sso1.starsona.com
where the issue can be replicated with ease.
Environment
Version of auth0-react used:
master branch as of today
Which browsers have you tested in?
Chrome Version 86.0.4240.111
Firefox 81.02
Safari Version 14.0 (15610.1.28.1.9, 15610)
Which framework are you using, if applicable (Angular, React, etc):
React
The text was updated successfully, but these errors were encountered: