fix(clerk-js): reset Core 3 OAuth retry state #8494
🦋 Changeset detected. Latest commit: d7db916. The changes in this PR will be included in the next version bump. This PR includes changesets to release 3 packages.
Thanks for the report, @EandrewJones. I looked into this and the sign-up case appears to be a separate issue from the one this PR fixes, not the same underlying cause. The JSON `SyntaxError` is a separate problem worth fixing on its own: the `{ error: ClerkError | null }` contract should hold regardless of what's happening underneath. The raw parse error escaping that contract is its own bug. I created an internal ticket to investigate both the retry behavior and the error-shape issue. I'll follow up here once we have something to share.

Fixes SDK-75.
`signIn.__internal_future.sso()` reused an existing sign-in resource any time one had an id. After a user backed out of an OAuth provider (browser back button on Google's consent screen), the resource still held the previous provider's `externalVerificationRedirectURL`, so a later click on a different provider sent them back to the original consent screen.

The fix scopes reuse to enterprise SSO only, where `prepare_first_factor` refreshes server state for ticket-based and identifier-discovery flows that compose `ticket() → sso()` against a single sign-in. OAuth strategies have no equivalent refresh, so they now always start fresh. This closes the cross-provider regression.

This PR also resets the async resource fetch status when restoring a pending task from BFCache, which was leaving subsequent attempts stuck.

Coverage spans the resource-level invariants plus a Playwright test in the custom-flows-react-vite template that exercises the abandoned-redirect retry end-to-end.
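The reuse decision described above, as an added example that is not Clerk's code: `ssoBefore` models the old "reuse anything with an id" behaviour and `ssoAfter` the fix that scopes reuse to enterprise SSO. The resource shape, `createSignIn`, `refreshFirstFactor` and the `idp.example` URLs are hypothetical stand-ins for the server calls.

```typescript
// Added example, not Clerk's code: a minimal model of the sign-in resource
// reuse decision this PR changes. All names below are hypothetical stand-ins.
type Strategy = 'oauth_google' | 'oauth_github' | 'enterprise_sso';
interface SignInResource {
  id: string;
  externalVerificationRedirectURL: string;
}
let nextId = 0;

// Stand-in for the server creating a new sign-in for the requested strategy
// and returning that provider's consent-screen URL (constructed values).
function createSignIn(strategy: Strategy): SignInResource {
  nextId += 1;
  return { id: `sia_${nextId}`, externalVerificationRedirectURL: `https://idp.example/${strategy}/consent` };
}

// Stand-in for prepare_first_factor refreshing server state on an existing
// enterprise SSO sign-in: the redirect target is recomputed for the strategy.
function refreshFirstFactor(existing: SignInResource, strategy: Strategy): SignInResource {
  return { ...existing, externalVerificationRedirectURL: `https://idp.example/${strategy}/consent` };
}

// Before the fix: any resource that already has an id is reused as-is, so a
// retry with a different OAuth provider keeps the stale redirect URL.
function ssoBefore(existing: SignInResource | null, strategy: Strategy): SignInResource {
  return existing?.id ? existing : createSignIn(strategy);
}

// After the fix: reuse is scoped to enterprise SSO, where ticket() -> sso()
// composes against one sign-in and the server refreshes its first factor.
// OAuth strategies always start from a fresh resource.
function ssoAfter(existing: SignInResource | null, strategy: Strategy): SignInResource {
  if (existing?.id && strategy === 'enterprise_sso') {
    return refreshFirstFactor(existing, strategy);
  }
  return createSignIn(strategy);
}

// The abandoned-redirect retry: click Google, press back on the consent
// screen (the resource stays in memory), then click GitHub.
function abandonedRedirectRetry(sso: typeof ssoBefore): string {
  const first = sso(null, 'oauth_google');
  const retry = sso(first, 'oauth_github');
  return retry.externalVerificationRedirectURL;
}

// Enterprise flow: a ticket-created sign-in must be kept, not replaced.
function enterpriseTicketFlow(sso: typeof ssoBefore): boolean {
  const fromTicket = createSignIn('enterprise_sso');
  return sso(fromTicket, 'enterprise_sso').id === fromTicket.id;
}
```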