Universal Login goes directly to OTP

I’m integrating the new Universal Login with MFA in a React SPA (following the directions in Auth0 React SDK Quickstarts: Login) and I’m hitting a random “issue”.

When you open the app and you’re not authenticated, the app renders a view that shows a simple message and redirects automatically to the login page using the loginWithRedirect() function.

Then, the logout functionality, uses the logout({ returnTo: ${window.location.origin}/login }) function.

The problem is that after logout, when it redirects to the login form again, it sometimes shows the username / password form, and sometimes goes directly to the OTP form without requiring credentials again. Like if the Auth0 session would still be alive.

This behavior is not consistent, sometimes happens, sometimes it goes to the username/password form as expected.

Not sure if this is a bug of the Universal Login or if this is something I can control from my code, since it happens on the Auth0 domain, not in my app’s domain.

Any clues?

Hi folks,

I found the issue and had nothing to do with Auth0.

The problem was a race condition given in the function that performed the logout. It was also modifying the state which caused a re-render of the page but, as the logout of the app had already happened, it was redirecting to the login page.

So, if the logout in Auth0 has finished it was redirecting normally to the credentials form but, if for some reason the Auth0 logout took a little more time, it detected the cookie and redirected to the OTP form.
I just added an intermediate page to complete the logout and to prevent this re-rendering and that solved the problem.


1 Like

Hi @leonardomateo,

Thank you for sharing your solution with the rest of the Community!

1 Like