opened 02:13AM - 09 Dec 20 UTC
closed 05:52PM - 09 Dec 20 UTC
bug report
### Describe the problem
When using passwordless login with magic link, a lin…k is sent via email and this link gets opened in a new tab, with its own session storage. Since auth0Client uses sessionStorage to store the appState, the appState is lost on login. In particular the targetUrl (set on appState) is lost, making redirection of the user to the desired page after login impossible.
Note that this problem doesn't happen when `passwordlessMethod` is set to `'code'`, only when it is set to `'link'`, since using code the code gets entered in the same tab.
### What was the expected behavior?
Restoring appState (and in particular being able to redirect to the proper page after login) should work properly when using magic link, just like it does with other methods.
### Reproduction
> Detail the steps taken to reproduce this error, and whether this issue can be reproduced consistently or if it is intermittent.
> **Note**: If clear, reproducable steps or the smallest sample app demonstrating misbehavior cannot be provided, we may not be able to follow up on this bug report.
- Set up universal login with passwordless and `passwordlessMethod='link'`.
- save appState and start login flow with `loginWithRedirect({ appState: { targetUrl: to.fullPath } });`
- click the link in the email
- watch it open in a new tab and fail to find appState and to redirect when `handleRedirectCallback` gets called
And just to be sure:
- get a new magic link
- instead of clicking it, copy the link into the auth0 tab where you entered your email (which is still on the univeral login page)
- watch it succeed because the sessionStorage is still there in that tab
### Environment
> Please provide the following:
- **Version of `auth0-spa-js` used:**
"@auth0/auth0-spa-js": "^1.13.1",
- **Which browsers have you tested in?**
chrome
- **Which framework are you using, if applicable (Angular, React, etc):**
Vue
- **Other modules/plugins/libraries that might be involved:**