Hello!
We are using this library specifically: GitHub - auth0/nextjs-auth0: Next.js SDK for signing in with Auth0
We are having an issue where, for one of our tenants, it makes the user type their password twice when logging in with a default organization, and additionally once more when switching organizations. Normally this doesn't happen: it does not prompt for the password again when switching organizations, and it doesn't happen in our three other tenants. We are trying to figure out why the odd one out has this different behavior, which we don't want.
This is the code for the /api/auth/org/redirect endpoint.
    import type { NextRequest } from "next/server";
    import { NextResponse } from "next/server";
    import auth0 from "../../../../utils/auth0";

    // GET /api/auth/org/redirect?orgId=org_...&returnTo=/path
    // Requires an existing app session (withApiAuthRequired), then starts a new
    // login against the requested organization so the user switches org.
    // In the App Router the second handler argument is the route context, not a response.
    export const GET = auth0.withApiAuthRequired((req: NextRequest, ctx: any) => {
      const { searchParams } = req.nextUrl;
      const orgId = searchParams.get("orgId");
      if (!orgId) {
        // Without an orgId the login would silently run without an organization.
        return NextResponse.json({ error: "orgId is required" }, { status: 400 });
      }
      return auth0.handleLogin(req, ctx, {
        returnTo: searchParams.get("returnTo") ?? "/dashboard",
        authorizationParams: {
          organization: orgId,
        },
      });
    });
Expected behavior, without the login prompt, where it redirects to the callback:
GET https://<working-hostname>/api/auth/org/redirect?orgId=org_<id-here>
response 302 location:
https://<working-auth0-tenant-hostname>/authorize?client_id=...&scope=...&redirect_uri=https%3A%2F%2F<working-hostname>%2Fapi%2Fauth%2Fcallback&audience=https%3A%2F%2F<working-hostname>&organization=org_<id-here>&nonce=...&state=...&code_challenge_method=...&code_challenge=...
GET https://<working-auth0-tenant-hostname>/authorize?client_id=...&scope=...&response_type=code&redirect_uri=https%3A%2F%2F<working-hostname>%2Fapi%2Fauth%2Fcallback&audience=https%3A%2F%2F<working-hostname>&organization=org_<id-here>&nonce=...&state=...&code_challenge_method=...&code_challenge=...
response 302 location:
https://<working-hostname>/api/auth/callback?code=...&state=...
Actual behavior, where it makes the user log in again when switching organizations:
GET https://<not-working-hostname>/api/auth/org/redirect?orgId=org_<id-here>
response 302 location:
https://<not-working-auth0-tenant-hostname>/authorize?client_id=...&scope=...&response_type=code&redirect_uri=https%3A%2F%2F<not-working-hostname>%2Fapi%2Fauth%2Fcallback&audience=https%3A%2F%2F<not-working-hostname>&organization=org_<id-here>&nonce=...&state=...&code_challenge_method=...&code_challenge=...
GET https://<not-working-auth0-tenant-hostname>/authorize?client_id=...&scope=...&response_type=code&redirect_uri=https%3A%2F%2F<not-working-hostname>%2Fapi%2Fauth%2Fcallback&audience=https%3A%2F%2F<not-working-hostname>&organization=org_<id-here>&nonce=...&state=...&code_challenge_method=...&code_challenge=...
response 302 location:
https://<not-working-auth0-tenant-hostname>/u/login?state=...
Any help is appreciated, and happy to clarify anything that is unclear.
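Added example, not from the original post and not part of the nextjs-auth0 SDK: a small TypeScript helper that parses two captured /authorize URLs (such as the working and non-working ones above) and reports which query parameters appear in only one of them, which differ in value (ignoring state, nonce and code_challenge, which change on every request), whether either carries a parameter such as prompt or max_age that asks the authorization server to re-authenticate instead of reusing its session, and the tenant and redirect_uri hosts. The sample URLs in the block are constructed placeholders shaped like the redacted captures; the prompt=login on the second one is invented to show what a reported difference looks like and is not something the captures in the post show.

```typescript
// Added example: diff two Auth0 /authorize requests. Not from the original
// post or the nextjs-auth0 SDK. All URLs below are constructed placeholders.

// Parameters that legitimately change on every request; never reported as changed.
const PER_REQUEST = new Set(["state", "nonce", "code_challenge"]);

// Parameters which, when present, ask the authorization server to re-run
// authentication rather than reuse its existing session (OIDC Core 3.1.2.1).
const REAUTH_PARAMS = new Set(["prompt", "max_age"]);

export interface AuthorizeRequest {
  tenantHost: string;
  params: Map<string, string>;
  redirectUriHost: string | null;
}

export interface AuthorizeDiff {
  onlyInA: string[];
  onlyInB: string[];
  changed: Array<{ name: string; a: string; b: string }>;
  reauthParams: { a: string[]; b: string[] };
  tenantHost: { a: string; b: string };
  redirectUriHost: { a: string | null; b: string | null };
}

// Parse one captured /authorize URL into its tenant host and query parameters.
export function parseAuthorize(raw: string): AuthorizeRequest {
  const url = new URL(raw);
  if (url.pathname !== "/authorize") {
    throw new Error(`not an /authorize URL: ${url.pathname}`);
  }
  const params = new Map<string, string>();
  url.searchParams.forEach((value, name) => params.set(name, value));
  const redirectUri = params.get("redirect_uri");
  let redirectUriHost: string | null = null;
  if (redirectUri) {
    try {
      redirectUriHost = new URL(redirectUri).host;
    } catch (e) {
      redirectUriHost = null; // malformed redirect_uri, reported as null
    }
  }
  return { tenantHost: url.host, params, redirectUriHost };
}

// Compare two captures parameter by parameter.
export function diffAuthorize(rawA: string, rawB: string): AuthorizeDiff {
  const a = parseAuthorize(rawA);
  const b = parseAuthorize(rawB);
  const names = Array.from(new Set([...Array.from(a.params.keys()), ...Array.from(b.params.keys())])).sort();
  const onlyInA: string[] = [];
  const onlyInB: string[] = [];
  const changed: AuthorizeDiff["changed"] = [];
  for (const name of names) {
    const va = a.params.get(name);
    const vb = b.params.get(name);
    if (va === undefined) onlyInB.push(name);
    else if (vb === undefined) onlyInA.push(name);
    else if (!PER_REQUEST.has(name) && va !== vb) changed.push({ name, a: va, b: vb });
  }
  const reauth = (r: AuthorizeRequest) =>
    Array.from(r.params.keys()).filter((k) => REAUTH_PARAMS.has(k)).sort();
  return {
    onlyInA,
    onlyInB,
    changed,
    reauthParams: { a: reauth(a), b: reauth(b) },
    tenantHost: { a: a.tenantHost, b: b.tenantHost },
    redirectUriHost: { a: a.redirectUriHost, b: b.redirectUriHost },
  };
}

// Constructed sample captures (placeholder hosts, ids and values). The
// prompt=login on the second one is invented purely to show a reported difference.
export const SAMPLE_WORKING =
  "https://working-tenant.example.auth0.com/authorize?client_id=abc&scope=openid%20profile%20email&response_type=code" +
  "&redirect_uri=https%3A%2F%2Fworking.example.com%2Fapi%2Fauth%2Fcallback&audience=https%3A%2F%2Fworking.example.com" +
  "&organization=org_aaaaaaaa&nonce=n1&state=s1&code_challenge_method=S256&code_challenge=c1";
export const SAMPLE_BROKEN =
  "https://broken-tenant.example.auth0.com/authorize?client_id=def&scope=openid%20profile%20email&response_type=code" +
  "&redirect_uri=https%3A%2F%2Fbroken.example.com%2Fapi%2Fauth%2Fcallback&audience=https%3A%2F%2Fbroken.example.com" +
  "&organization=org_aaaaaaaa&nonce=n2&state=s2&code_challenge_method=S256&code_challenge=c2&prompt=login";

console.log(JSON.stringify(diffAuthorize(SAMPLE_WORKING, SAMPLE_BROKEN), null, 2));
```

Paste the two real captures (with the redactions filled in from your own logs) in place of the samples; client_id, redirect_uri and audience are expected to differ between two deployments, so the parts worth reading are onlyInA, onlyInB and reauthParams.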