Here’s the scenario. For context we have a react app that we use the Auth0 sdk in for authentication. Everything works correctly there and we use the useAuth0 hook to get the user and authentication state
- The user use authenticates via the universal login and redirects to the dashboard
- The user clicks a link that goes to the OAuth2 page for Slack integration
(https://slack.com/oauth/v2/authorize). In the query string we pass scope, a redirect URI to callback page in the app that’s behind authentication, our client id, and the user id asstate, so the whole url looks like this:${slackOauthUrl}?scope=${scopeList}&client_id=${ClientId}&redirect_uri=${redirectUri}&state=${userId} - The user is redirect to their slack workspace in the browser at the url
https://${workspace name}.slack.com/oauth?with the query string from the link in the previous step passed in. - The user clicks the “allow button” on the slack integration form and gets redirected to the redirect url passed in the query string.
- What should happens next is after the redirect the user should be already authenticated and the page under the callback url route should render and fire the callback to our server, but instead the useAuth0 hook returns
falseforisAuthenticatedand the user gets redirected back to a non-protected route. However, the user is still authenticated because i can type in the url of a protected route and access it without reauthenticating. What is the fix here? Thanks