Create fresh SignIn on authenticateWithRedirect call

LauraBeatris · LauraBeatris · commit 3219cf7ab658 · 2025-02-10T18:02:20.000-03:00
diff --git a/.changeset/spicy-toes-behave.md b/.changeset/spicy-toes-behave.md
@@ -0,0 +1,7 @@
+---
+'@clerk/clerk-js': patch
+---
+
+Fixes stale `SignIn` object on `authenticateWithRedirect` for `saml` and `enterprise_sso` custom flows
+
+Previously, the same connection identifier would be used on every `authenticateWithRedirect` call leading to redirecting to the wrong identity provider
diff --git a/packages/clerk-js/src/core/resources/SignIn.ts b/packages/clerk-js/src/core/resources/SignIn.ts
@@ -224,24 +224,31 @@ export class SignIn extends BaseResource implements SignInResource {
     });
   };
 
-  public authenticateWithRedirect = async (params: AuthenticateWithRedirectParams): Promise<void> => {
-    const { strategy, redirectUrl, redirectUrlComplete, identifier } = params || {};
-
-    const { firstFactorVerification } =
-      (strategy === 'saml' || strategy === 'enterprise_sso') && this.id
-        ? await this.prepareFirstFactor({
-            strategy,
-            redirectUrl: SignIn.clerk.buildUrlWithAuth(redirectUrl),
-            actionCompleteRedirectUrl: redirectUrlComplete,
-          })
-        : await this.create({
-            strategy,
-            identifier,
-            redirectUrl: SignIn.clerk.buildUrlWithAuth(redirectUrl),
-            actionCompleteRedirectUrl: redirectUrlComplete,
-          });
-
-    const { status, externalVerificationRedirectURL } = firstFactorVerification;
+  public authenticateWithRedirect = async ({
+    strategy,
+    redirectUrl,
+    redirectUrlComplete,
+    identifier,
+    continueSignIn = false,
+  }: AuthenticateWithRedirectParams): Promise<void> => {
+    if (!this.id || !continueSignIn) {
+      await this.create({
+        strategy,
+        identifier,
+        redirectUrl: SignIn.clerk.buildUrlWithAuth(redirectUrl),
+        actionCompleteRedirectUrl: redirectUrlComplete,
+      });
+    }
+
+    if (strategy === 'saml' || strategy === 'enterprise_sso') {
+      await this.prepareFirstFactor({
+        strategy,
+        redirectUrl: SignIn.clerk.buildUrlWithAuth(redirectUrl),
+        actionCompleteRedirectUrl: redirectUrlComplete,
+      });
+    }
+
+    const { status, externalVerificationRedirectURL } = this.firstFactorVerification;
 
     if (status === 'unverified' && externalVerificationRedirectURL) {
       windowNavigate(externalVerificationRedirectURL);
diff --git a/packages/clerk-js/src/ui/components/SignIn/SignInStart.tsx b/packages/clerk-js/src/ui/components/SignIn/SignInStart.tsx
@@ -336,6 +336,7 @@ export function _SignInStart(): JSX.Element {
       strategy: 'enterprise_sso',
       redirectUrl,
       redirectUrlComplete,
+      continueSignIn: true,
     });
   };
 
diff --git a/packages/types/src/redirects.ts b/packages/types/src/redirects.ts
@@ -64,6 +64,11 @@ export type AuthenticateWithRedirectParams = {
    */
   continueSignUp?: boolean;
 
+  /**
+   * Whether to continue existing SignIn (if present) or create a new SignIn.
+   */
+  continueSignIn?: boolean;
+
   /**
    * One of the supported OAuth providers you can use to authenticate with, eg 'oauth_google'.
    * Alternatively `saml` or `enterprise_sso`, to authenticate with Enterprise SSO.
