Unable to issue redirect for OAuth 2.0 transaction

[ShaktiMandal]

Hi

Please help me on the below issues.

Describe the problem

Recently, I have upgraded @auth0/auth0-spa-js to 2.0.0 since then I was unable to login into the application. It was working before with the previous version - 1.15.0. Reason for login failure is that server is responding with error - 500. So, I have gone through the network tab in my browser and noticed that authorize/resume?state= api call is failing. This is a redirect call from /login/callback as per the network details. So the sequence of my api call was as mentioned below.

authorize?client - Success
auth?hd - success
callback?state - success
resume?state - Failed with status code - 500

Here is my code snippet: ( Just changed clientId from client_id and added authorizationParam to have rest )

const client = createAuth0Client({
clientId,
domain,
authorizationParam: { // Changes as a part of version -2.0.0
redirect_uri
audience
connection
}
})

redirect call

client.loginWithRedicrect({
appState,
authorizationParam: { // Changes as a part of version -2.0.0
redirect_uri
}
})

What was the expected behavior?

It should allow the user to log in without any error

Reproduction

Unable to provide details.

Environment

• Version of auth0-spa-js used: - 2.0.0
• Which browsers have you tested in? - chrome
• Which framework are you using, if applicable (Angular, React, etc): - vue3
• Other modules/plugins/libraries that might be involved: - No

[frederikprijck]

Thanks for reporting.

Can you see if there are any logs shown in Auth0? Based on the code you shared I can not see anything wrong, so I think we would benefit from seeing see a reproduction sample to be able to action this.

Thanks,

[ShaktiMandal]

I have checked in the monitoring section and get below details.
In the response, there is an error object which contain below error.
I have tried to compare the request object with working version but doesn't have any difference.

error - Unable to issue redirect for OAuth 2.0 transaction.

Please let me know if I have to look into anywhere else to get additional details.

[ShaktiMandal]

Hi Frederik,

Any suggestion please ?

[frederikprijck]

Please provide a reproduction so we can look into it, as i have been unable to reproduce this.

[kyontan]

I've faced the same issue.
It looks the redirect_uri parameter in loginWithRedirect method is ignored, and the value of authorizationParams.redirect_uri passed on calling createAuth0Client is used instead.

EDIT

auth0-spa-js/src/Auth0Client.ts

Lines 444 to 455 in 66fd76d

	public async loginWithRedirect<TAppState = any>(
	options: RedirectLoginOptions<TAppState> = {}
	) {
	const { onRedirect, fragment, appState, ...urlOptions } = options;
	const organizationId =
	urlOptions.authorizationParams?.organization ||
	this.options.authorizationParams.organization;
	const { url, ...transaction } = await this._prepareAuthorizeUrl(
	urlOptions.authorizationParams || {}
	);

Here, this._prepareAuthorizeUrl expects redirect_uri field to be set in urlOptions.authorizationParams, but when we call loginWithRedirect({ redirect_uri: "something" }), the urlOptions become { redirect_uri: "something" }, not { authorizationParams: { redirect_uri: "something" } }

[frederikprijck]

@kyontan That's correct, as of v2, the redirect_uri is expected to go inside authorizationParams. You are not supposed to use loginWithRedirect({ redirect_uri: "something" }) in v2, see: https://github.com/auth0/auth0-spa-js/blob/master/MIGRATION_GUIDE.md#introduction-of-authorizationparams.

Looking at the OP's code, they do use authorizationParams, so I am not sure it's the exact same issue.

[kyontan]

@frederikprijck
Sorry, I misunderstood the issue, so my editor's failed to read v2's type definition 🙏

[ShaktiMandal]

@frederikprijck

Just to inform you that, issue got sorted out. Seems like there was a problem with my system. I have tried to check with my colleagues and works fine there. thus closing the issue. Thanks all for the support.