I have developed a VUE SPA that authenticates users using Auth0 service (library @auth0/auth0-spa-js@1.14.0).
It works fine except in the following scenario:
- Users is redirected to Auth0 for login
- After being logged in, the user click two times on the browser “back” button
Then the following error occurs:
invalid_request : You may have pressed the back button, refreshed during login, opened too many login dialogs, or there is some issue with cookies since we couldn’t find your session. Try logging in again from the application and if the problem persists please contact the administrator.
Furthermore, if I reopen the site start page the login button does not work anymore and the only way to resolve this issue is to clear the browser cache.
- SDK this is regarding: @auth0/auth0-spa-js
- SDK Version: 1.14.0
- Platform Version: @vue/cli 4.5.12
Below the error screenshot.
Screenshot_20210413_133543|520x500
After some reasoning, I found a partial workaround that consists of inserting into browser history some URL so as to be redirected to the Auth0 login URL only after many click events. This, of course, does not resolve the issue but only “delays” it.
Below my code:
mounted() {
if (this.browserHistory.state == null) {
this.browserHistory.replaceState(
"",
"InfoProject",
"/default/dashboard/info_project"
);
this.browserHistory.replaceState(
"",
"InfoProject",
"/default/dashboard/info_project"
);
this.browserHistory.replaceState(
"",
"InfoProject",
"/default/dashboard/info_project"
);
this.browserHistory.pushState("", "login", "/");
this.browserHistory.pushState(
"",
"InfoProject",
"/default/dashboard/info_project"
);
this.browserHistory.pushState(
"",
"InfoProject",
"/default/dashboard/info_project"
);
this.browserHistory.pushState(
"",
"InfoProject",
"/default/dashboard/info_project"
);
}
}
It does exists a way to remove from the browser history that specific URL that refer to Auth0 login/JWT?
