Login popup closes before flow is complete, making login impossible in Chrome extensions #1318
Description
Checklist
- The issue can be reproduced in the auth0-spa-js sample app (or N/A).
- I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
- I have looked into the documentation and API documentation, and have not found a suitable solution or answer.
- I have searched the issues and have not found a suitable solution or answer.
- I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- I agree to the terms within the Auth0 Code of Conduct.
Description
loginWithPopup closes the popup is closed before the token is requested. When used in a Chrome extension, this causes the extension to be closed as well because the browser window regains focus. Closing the extension interrupts the script, so it is shut down without ever requesting the token or saving it to the cache.
Because the token wasn't requested by the extension before being forcibly closed, the cookie is not set and the user is not authenticated when they re-open the extension. This makes it impossible for the user to ever sign in.
I've done some testing and simply delaying the call to config.popup.close() until the very end of loginWithPopup fixes things. The extension still closes upon successful sign in, but once re-opened the user will be authenticated.
I will be opening a PR to fix this shortly. I think the best approach it to allow suppressing the popup.close() call entirely, so devs can manually close it at whatever point in their login flow is an okay point for the extension to be forcibly closed.
Reproduction
- Open Chrome extension
- Click button that triggers
loginWithPopup - Complete login in the popup
- Popup & extension both close at the same time
- Re-open the extension
- Call
checkSession - See that user is not authenticated
If you open devtools for the extension prior to calling loginWithPopup, the extension will not close and the login flow will work as expected.
This can be reproduced consistently for me on Chrome 130 on Fedora.
Additional context
This issue has been reported before, without a real solution or understanding of why it was happening:
- https://community.auth0.com/t/ultimate-guide-to-auth0-in-a-chrome-extension-popup/61362/2
- loginWithPopup from chrome extension instantly closes on enterprise MacBooks #567
Regarding Chrome closing the extension when the window regains focus after the popup closes, see this docs page:
There is no way to keep the [extension] popup open after the user has clicked away.
This is arguably a very poor UX choice in the context of popups, but not something we can change so we just have to work around it.
We also can't just use loginWithRedirect, as redirects don't work in an extension.
auth0-spa-js version
2.1.3
Which framework are you using (React, Angular, Vue...)?
Next.js
Framework version
14.2.3
Which browsers have you tested in?
Chrome