Bug report
Describe the bug
I'm using Vue 3 with Vue Router 4 (latest). I'm using OAuth for sign-in, specifically github. The flow works fine and redirects back, but the #access_token=XXX hash remains visible until I navigate to another page.
This happens regardless of what I set redirectTo. It redirects to that page, but the hash remains on it, regardless of which page I use.
(my workarounds are in the additional details)
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
await supabase.auth.signInWithOAuth({
provider: 'github',
})
- Sign in to GitHub
- Get redirected back to
/
- Note the
#access_token=xxx hash that remains
- Click a link to navigate to another page, hash goes away
Expected behavior
Hash will appear briefly, then once supabase is done authenticating the hash should be removed by doing a history.replace() so you can't press the back button to get to the route with the hash in it.
Screenshots
If applicable, add screenshots to help explain your problem.
System information
- OS: Ubutu 20 (running in WSL2 on Windows 10)
- Browser (if applies) Chrome
- Version of supabase-js: @supabase/supabase-js@2.0.0-rc.4
- Version of Node.js: v16.14.2
Additional context
I've tried two workarounds,
My first workaround was to redirectTo a callback page which immediately redirects to the intended destination without the hash. This works but does a bunch of redirect the user can see.
Next, I tried to use supabase.onAuthStateChange() to check the hash and immediately replace it. This seemed to work at first, but it seems there's a race condition to when the event triggers versus when the hash updates, so checking for the #access_token= presence wasn't reliable.
supabase.auth.onAuthStateChange(() => {
if (route.hash.startsWith('#access_token=')) {
router.replace({ hash: '' })
}
})Finally, my current workaround is to use a Vue watch to watch the current route's hash for changes.
watch(
() => route.hash,
(hash) => {
if (hash.startsWith('#access_token')) {
router.replace({ hash: '' })
}
},
{ immediate: true }
)
Bug report
Describe the bug
I'm using Vue 3 with Vue Router 4 (latest). I'm using OAuth for sign-in, specifically github. The flow works fine and redirects back, but the
#access_token=XXXhash remains visible until I navigate to another page.This happens regardless of what I set
redirectTo. It redirects to that page, but the hash remains on it, regardless of which page I use.(my workarounds are in the additional details)
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
/#access_token=xxxhash that remainsExpected behavior
Hash will appear briefly, then once supabase is done authenticating the hash should be removed by doing a history.replace() so you can't press the back button to get to the route with the hash in it.
Screenshots
If applicable, add screenshots to help explain your problem.
System information
Additional context
I've tried two workarounds,
My first workaround was to redirectTo a callback page which immediately redirects to the intended destination without the hash. This works but does a bunch of redirect the user can see.
Next, I tried to use
supabase.onAuthStateChange()to check the hash and immediately replace it. This seemed to work at first, but it seems there's a race condition to when the event triggers versus when the hash updates, so checking for the#access_token=presence wasn't reliable.Finally, my current workaround is to use a Vue
watchto watch the current route's hash for changes.