We have some post-login actions that may guide users through account setup or management options. We want these to happen before the user is fully authenticated, so the actions seem like the right place for these.
The issue is that when we use loginWithPopup these management screens get squeezed into the small popup window. Our latest headache involves needing to open a second popup window, which leads to a bunch of other issues.
What we’d like to be able to do is close the popup and continue the authentication flow in the parent window. I naively tried just copying the popup’s location to window.opener from our management page – this seems to allow the flow to complete but it ends at /authorization/resume with Javascript trying to call back to the opener window.
It seems like Auth0 “knows” internally that this is a popup login – perhaps there’s a way to flip a bit somewhere so it behaves like a redirect login?
Hi @adam.clark2
Unfortunately, because the authentication flow’s parameters (like response_mode and state variables) are cryptographically bound when the transaction is initiated, Auth0 cannot change the contract halfway through. The recommended approach to handle complex, multi-screen account setup is to defer the UI rendering to your main application after the Auth0 login completes, rather than handling it mid-transaction via an Action redirect.
Instead of redirecting the user out of the Auth0 pipeline to a management screen, let the popup flow complete quickly and silently. Use the Auth0 Action solely to compute whether the user needs to complete the setup, and pass that flag to your SPA.
The code would look something like this:
exports.onExecutePostLogin = async (event, api) => {
const namespace = 'https://your-app.com';
if (event.stats.logins_count === 1) {
api.idToken.setCustomClaim(`${namespace}/needs_setup`, true);
}
};
If you have any other questions, let me know!
Kind Regards,
Nik
1 Like