auth0-angular icon indicating copy to clipboard operation
auth0-angular copied to clipboard

Published 20 hours ago verified publisher icon auth0

Ability to skip the error page redirect

Open dsfx3d opened this issue 2 years ago • 3 comments

If we have an AuthGuard to prevent unauthenticated access to the protected routes, then why are we redirecting the user to an error page if the auth0Client.checkSession fails?

I'm not using auth guards in my app but still I get redirected to the home page / if the session check fails. Instead I want to keep the user on the same page and display a login view.

Describe the problem you'd like to have solved

I want the ability to stay on the same page even if the auth0Client.checkSession fails.

Describe the ideal solution

The ideal solution would be to provide an option to disable redirect on session error.

Suggestion

A possible solution may be to add an option in the config to skip the error redirect skipSessionErrorRedirect which is something similar to the skipRedirectCallback.

We can use the errors$ observable to take an action on session errors.

The default behaviour will remain the same until the skip error redirect flag is set to true

dsfx3d avatar Sep 29 '22 14:09 dsfx3d

checkSession should be called on page load, you should be able to set errorPath to the current URL to ensure we do not go to / (the default) on an error (https://github.com/auth0/auth0-angular/blob/master/projects/auth0-angular/src/lib/auth.service.ts#L106).

That said, I think I agree that checkSession should not do anything when it fails. It is supposed to be silent.

Can you verify if the workaround above works for now? If it does, I would prefer fixing this in our next major version where we just avoid any action when checkSession fails.

frederikprijck avatar Sep 30 '22 07:09 frederikprijck

It won't work for me because I don't want to redirect the user to the error page. I just intend to hide away some of the features on the same page and to prompt for optional authN with a dialogue. I'll be glad to make the contribution.

dsfx3d avatar Oct 04 '22 04:10 dsfx3d

For now I wrote my own implementation of angular module from auth0-spa-js.

The error redirect makes sense for general use cases but should be an optional feature.

dsfx3d avatar Oct 04 '22 04:10 dsfx3d

👋 We have reworked Auth0-SPA-JS in such a way that calling checkSession will never throw any exception anymore. This is available in beta and should soon be GA. Once we migrate our Angular SDK to use the latest version of SPA-JS, which will be a major bump inhere as well, this behavior should be resolved and checkSession should never fail in our Angular SDK neither, so it shouldnt redirect anymore in that case.

frederikprijck avatar Oct 21 '22 09:10 frederikprijck

Thanks, in the meanwhile I wrote my own wrapper for angular of the latest auth0-spa-js. I'll keep an eye on your release. Do you accept contributions?

dsfx3d avatar Nov 04 '22 15:11 dsfx3d