Skip to content

fix(auth): add automatic browser redirect to signInWithSSO #1849

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 11, 2025
Merged

fix(auth): add automatic browser redirect to signInWithSSO #1849

merged 1 commit into from
Nov 11, 2025

Conversation

@mandarini
Copy link
Contributor

@mandarini mandarini commented Nov 11, 2025

Summary

Fixes #1848 by adding automatic browser redirect behavior to signInWithSSO, making it consistent with signInWithOAuth.

Problem

When using signInWithSSO, the redirectTo option was being correctly sent to the backend but ignored on the client side. Unlike signInWithOAuth, which automatically redirects users to the provider's authorization page in browser environments, signInWithSSO only returned the URL without performing the redirect.

This inconsistency meant that:

  • Users had to manually handle the redirect themselves
  • The redirectTo parameter appeared to be ignored
  • The API was inconsistent with other OAuth-based authentication methods

Changes

  1. Added automatic browser redirect logic to signInWithSSO method (GoTrueClient.ts:1338-1341)

    • Automatically navigates to the SSO provider URL when running in a browser
    • Only redirects when skipBrowserRedirect is not explicitly set to true
    • Uses the same pattern as signInWithOAuth and other OAuth methods

  2. Added skipBrowserRedirect option to SignInWithSSO type (lib/types.ts:789-794, 806-811)

    • Allows developers to opt-out of automatic redirect when needed
    • Provides consistency with other authentication methods
    • Maintains full backward compatibility

  3. Added test for the new option (GoTrueClient.test.ts:3103-3120)

    • Verifies the skipBrowserRedirect option is properly accepted
    • Documents expected behavior in browser environments

@github-actions github-actions bot added the auth-js Related to the auth-js library. label Nov 11, 2025
@mandarini mandarini marked this pull request as ready for review November 11, 2025 10:31
@mandarini mandarini requested review from a team as code owners November 11, 2025 10:31
@mandarini mandarini self-assigned this Nov 11, 2025
@coveralls
Copy link

coveralls commented Nov 11, 2025
edited
Loading

Coverage Status

coverage: 95.276% (+13.5%) from 81.727%
when pulling 008271f on fix/1848-sso-redirectto-ignored
into 5a3820d on master.

@mandarini mandarini merged commit 01e1948 into master Nov 11, 2025
26 of 27 checks passed
@mandarini mandarini deleted the fix/1848-sso-redirectto-ignored branch November 11, 2025 11:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@grdsdev grdsdev grdsdev approved these changes

Assignees

@mandarini mandarini

Labels

auth-js Related to the auth-js library.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Critical auth bug: redirectTo ignored when using signInWithSSO

4 participants

@mandarini @coveralls @grdsdev