@yogeshchoudhary147 yogeshchoudhary147 commented Jan 9, 2026

Fixes #1318

Problem

When using loginWithPopup() in Chrome extensions, the popup closes immediately after receiving the authorization response. This terminates the extension's service worker before token exchange completes, leaving the user unauthenticated.

Solution

Added a closePopup option to PopupConfigOptions:

  • true (default): SDK closes the popup automatically after receiving the authorization response
  • false: SDK does not close the popup. The caller is responsible for closing it, including on errors.

This gives users full control over the popup lifecycle, which is especially useful for Chrome extensions where closing too early terminates the service worker.

Changes

  • utils.ts: Modified popup closing logic to respect closePopup option
  • global.ts: Added JSDoc documentation for closePopup option with try/finally usage example
  • loginWithPopup.test.ts: Added comprehensive test coverage for the closePopup option

Usage

const popup = window.open('', '_blank');
try {
  await auth0.loginWithPopup({}, {
    popup: popup,
    closePopup: false  // SDK won't close the popup
  });
  // Tokens are cached, authentication successful
} catch (error) {
  // Handle authentication errors
  console.error('Login failed:', error);
} finally {
  // Always close popup, even on errors
  popup.close();
}

This also provides flexibility for other use cases like showing post-login messages or executing additional logic before closing the popup.

Testing

Unit Tests

Added 4 test cases covering:

  • Default behavior (popup closes immediately)
  • Explicit closePopup: true
  • closePopup: false (SDK does not close popup on success)
  • closePopup: false (SDK does not close popup on token exchange failure)

All tests pass ✅

Manual Testing

Manually tested the fix in Chrome extension scenarios:

Before fix:

  • ❌ Popup closes immediately after authorization
  • ❌ Extension terminates before token exchange
  • ❌ User remains unauthenticated (no tokens cached)

After fix with closePopup: false:

  • ✅ SDK does not close the popup
  • ✅ User closes popup in finally block after loginWithPopup completes
  • ✅ Tokens are successfully cached before popup closes
  • ✅ User is authenticated
  • ✅ On reopening extension, user is logged in (tokens persisted in localStorage)
  • ✅ Popup properly closed even when errors occur

Other scenarios:

  • ✅ Default behavior: Popup closes immediately after authorization (no regression)

Backward Compatibility

No breaking changes. Default behavior unchanged - popup still closes immediately after authorization.

Credits

This PR builds upon the initial investigation and work by @ashwsn.

Closes #1318
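
The try/finally contract from the PR description above, as an added example that is not part of the PR or the SDK: a wrapper that also handles a blocked popup (`window.open` returning null), run against constructed stand-ins for the client and the popup window. `loginWithCallerOwnedPopup`, `fakePopup`, `fakeClient` and `runScenarios` are hypothetical names.

```javascript
// Added example, not SDK code. `openPopup` is injected so the helper also
// runs outside a browser; in a page it would be () => window.open('', '_blank').
async function loginWithCallerOwnedPopup(auth0, openPopup, loginOptions = {}) {
  const popup = openPopup();
  if (!popup) throw new Error('popup_blocked'); // window.open() returned null
  try {
    // closePopup: false -> the SDK leaves the window open, so it survives
    // until the token exchange has finished (or failed).
    await auth0.loginWithPopup(loginOptions, { popup, closePopup: false });
  } finally {
    // The caller owns cleanup on every path, including errors.
    if (!popup.closed) popup.close();
  }
}

// Constructed stand-ins for the scenarios below (hypothetical, not Auth0 types).
function fakePopup() {
  return { closed: false, closeCalls: 0,
           close() { this.closed = true; this.closeCalls += 1; } };
}
function fakeClient(failExchange) {
  return {
    async loginWithPopup(_options, config) {
      // Record what the "SDK" was told and whether the popup was still open.
      this.closePopupSeen = config.closePopup;
      this.openDuringExchange = !config.popup.closed;
      if (failExchange) throw new Error('token_exchange_failed');
    },
  };
}

// Runs the success, token-exchange failure and blocked-popup cases.
async function runScenarios() {
  const results = [];
  for (const failExchange of [false, true]) {
    const popup = fakePopup();
    const client = fakeClient(failExchange);
    let error = null;
    try { await loginWithCallerOwnedPopup(client, () => popup); }
    catch (e) { error = e.message; }
    results.push({ error, openDuringExchange: client.openDuringExchange,
                   closeCalls: popup.closeCalls });
  }
  let blocked = null;
  try { await loginWithCallerOwnedPopup(fakeClient(false), () => null); }
  catch (e) { blocked = e.message; }
  results.push({ error: blocked });
  return results;
}
```

In both the success and failure scenarios the popup is still open during the token exchange and is closed exactly once afterwards by the caller.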

This fixes an issue where Chrome extensions would close prematurely when
the popup window closes during authentication, interrupting the token
exchange process.

Changes:
- Add closePopup option to PopupConfigOptions (default: true)
- Modify utils.ts to conditionally close popup based on closePopup setting
- Add finally block in Auth0Client.ts to close popup after token exchange
- Always close popup on error cases (state mismatch, auth errors)

Fixes #1318

Co-authored-by: ashwsn <[email protected]>
@yogeshchoudhary147 yogeshchoudhary147 requested a review from a team as a code owner January 9, 2026 06:57
- Test default behavior (popup closes immediately)
- Test explicit closePopup: true
- Test closePopup: false (delays popup close until after token exchange)
- Test error handling (state mismatch with closePopup: false)
- Test finally block execution on token exchange failure
@frederikprijck frederikprijck left a comment

A boolean called closePopup to control when and not if a popup should be closed feels weird. I expect when setting it to false, it wouldn't close, so this code feels very unexpected:

if (config.closePopup === false && config.popup) {
  config.popup.close();
}

- When closePopup: false, SDK no longer closes the popup
- User is responsible for closing popup after loginWithPopup completes
- Provides more flexibility and clearer API semantics
- Updated tests and documentation to reflect new behavior

This addresses feedback from @frederikprijck to avoid confusing behavior
where closePopup: false still resulted in SDK closing the popup.
@yogeshchoudhary147 yogeshchoudhary147 changed the title from "fix: delay popup close for Chrome extensions with closePopup option" to "fix: add closePopup option for Chrome extension compatibility" Jan 9, 2026
- Removed state mismatch error closing logic
- When closePopup: false, user has full control over popup lifecycle including errors
- Updated documentation to show try/finally pattern for proper cleanup
- Updated comments to reflect new behavior
- Removed state mismatch error test, updated remaining tests

This simplifies the API - closePopup: false means SDK never touches the popup.
User handles all cleanup in try/finally block.
@yogeshchoudhary147 yogeshchoudhary147 merged commit 5b8f678 into main Jan 9, 2026
13 checks passed
@yogeshchoudhary147 yogeshchoudhary147 deleted the fix/popup-close-chrome-extensions branch January 9, 2026 13:24
yogeshchoudhary147 added a commit that referenced this pull request Jan 12, 2026
**Added**
- fix: add closePopup option for Chrome extension compatibility [\#1500](#1500) ([yogeshchoudhary147](https://github.com/yogeshchoudhary147))
Development

Successfully merging this pull request may close these issues.

Login popup closes before flow is complete, making login impossible in Chrome extensions
