fix(clerk-js): Only refresh when auth with popup is called #5518
Conversation
🦋 Changeset detectedLatest commit: a031b60 The changes in this PR will be included in the next version bump. This PR includes changesets to release 3 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
| // If `handleRedirectCallback` is called on a window without an opener property (such as when the OAuth flow popup | ||
| // directs the opening page to navigate to the /sso-callback route), we need to reload the signIn and signUp resources | ||
| // to ensure that we have the latest state. This operation can fail when we try reloading a resource that doesn't | ||
| // exist (such as when reloading a signIn resource during a signUp attempt), but this can be safely ignored. |
There was a problem hiding this comment.
Could this entire thing be done via a postMessage() from the popup? The issue is we don't know which resource we need to fetch so we're just doing both, right?
| // If `handleRedirectCallback` is called on a window without an opener property (such as when the OAuth flow popup | ||
| // directs the opening page to navigate to the /sso-callback route), we need to reload the signIn and signUp resources | ||
| // to ensure that we have the latest state. This operation can fail when we try reloading a resource that doesn't | ||
| // exist (such as when reloading a signIn resource during a signUp attempt), but this can be safely ignored. | ||
| if (!window.opener) { | ||
| if (!window.opener && shouldRefreshResources) { | ||
| try { | ||
| await signIn.reload(); |
There was a problem hiding this comment.
Can you remind me why doing .reload() is useful, if it always returns a 405 ?
There was a problem hiding this comment.
It doesn't always return a 405. It only returns a 405 when the underlying resource doesn't exist. So for example if we created a SignIn resource during the popup, signIn.reload() will pick that up, but signUp.reload() will return a 405.
There was a problem hiding this comment.
oh i see, thanks for clarifying.
|
closing in favor of #5553 |
Description
This PR uses
sessionStorageto set a flag indicating thatauthenticateWithPopupwas used to initiate an SSO connection, which likely means that thesignInandsignUpresources need to be reloaded before handling the redirect.This reduces the instances of a
405 Method Not Allowedresponse from FAPI which is returned when we attempt to refresh a resource that we haven't acted upon. For example, if we're attempting to sign in, callingsignUp.reload()will cause an HTTP 405 error. By only performing this reload whenauthenticateWithPopuphas been called, we reduce the instance of 405 errors in our logs and within customer applications.Checklist
pnpm testruns as expected.pnpm buildruns as expected.Type of change