Ready to post? First, try searching for your answer.
Hi team,
First of all, i’ve got to say I’ve switched to using auth0 from a different identity provider and most of it has been an absolute breeze. I am amazed at the documentation and everything seems pretty straightforward.
However, I am bashing my head against a wall with an issue i’ve encountered.
My entire login flow is set up and works - i have a backend api which generates, authenticates and uses tokens without a problem. SIgn up, login, invitation flows all work perfectly, but I have a very small edge case that I need help doing something with.
For context, I am using vue3.
I have enabled my application for businesses only, meaning that every user has to belong to an organization when they login. This is expected. We are trying to cover an edge case in which a user’s organization has been deleted and is left without any and tries to login - I get an endless redirect going through the callback url.
The URL of the redirect is something like this:
…callback?error=invalid_request&error_description=client%20requires%20organization%20membership%2C%20but%20user%20does%20not%20belong%20to%20any%20organization&state=aXo2UllDVFZiLm1MdTN2c3hXeVhnRjRtZTcybzFsX0pqQUFIeWgwYWZWYQ%3D%3D
I’ve debugged and have been able to trace the following:
- I go to localhost/, which has a router.push to (report), which is under the authguard.
- The push to ‘report’ forces the login flow to begin, and i am correctly sent over to my login page.
- I input the credentials of the user that has no organization and login.
- I am redirected to the callback page with the error_description and error i posted above - which is fine, I intend to handle the error here.
- My router then, again, redirects me to the index page for some reason.
- This redirect to index causes the route.push to happen again - sending me to a page with authguard, and since i’ve already “logged in”, it send se again to the callback with error,which does this over and over again.
I am almost 100% sure that my issue is in point 5 - my callback page right now has literally no code other than a blank html page with the company logo. The callback url doesn’t have an authguard. I can’t figure out for the life of me why i am redirected.
I know there’s no authguard since i can directly go to the callback page without issues. I can add an error and error_description query parameters too with no problem. However, when I append a state (whatever it may be) i get redirected again to /.
So, I can access this:
localhost/callback?error=test&error_description=desc
but not this:
localhost/callback?error=test&error_description=desc&state=abc
since it loops me back to /.
Is there anything about the state that would redirect me, and how can I stop this from happening so i can render my error for the user to know what the problem is?
Thank you!