fix(auth): add automatic browser redirect to signInWithSSO

mandarini · mandarini · commit 008271f1273a · 2025-11-11T12:28:33.000+02:00
diff --git a/packages/core/auth-js/src/GoTrueClient.ts b/packages/core/auth-js/src/GoTrueClient.ts
@@ -1334,6 +1334,12 @@ export default class GoTrueClient {
         headers: this.headers,
         xform: _ssoResponse,
       })
+
+      // Automatically redirect in browser unless skipBrowserRedirect is true
+      if (result.data?.url && isBrowser() && !params.options?.skipBrowserRedirect) {
+        window.location.assign(result.data.url)
+      }
+
       return this._returnResult(result)
     } catch (error) {
       if (isAuthError(error)) {
diff --git a/packages/core/auth-js/src/lib/types.ts b/packages/core/auth-js/src/lib/types.ts
@@ -786,6 +786,12 @@ export type SignInWithSSO =
         redirectTo?: string
         /** Verification token received when the user completes the captcha on the site. */
         captchaToken?: string
+        /**
+         * If set to true, the redirect will not happen on the client side.
+         * This parameter is used when you wish to handle the redirect yourself.
+         * Defaults to false.
+         */
+        skipBrowserRedirect?: boolean
       }
     }
   | {
@@ -797,6 +803,12 @@ export type SignInWithSSO =
         redirectTo?: string
         /** Verification token received when the user completes the captcha on the site. */
         captchaToken?: string
+        /**
+         * If set to true, the redirect will not happen on the client side.
+         * This parameter is used when you wish to handle the redirect yourself.
+         * Defaults to false.
+         */
+        skipBrowserRedirect?: boolean
       }
     }
 
diff --git a/packages/core/auth-js/test/GoTrueClient.test.ts b/packages/core/auth-js/test/GoTrueClient.test.ts
@@ -3100,6 +3100,25 @@ describe('SSO Authentication', () => {
     expect(data).toBeNull()
   })
 
+  test('signInWithSSO should support skipBrowserRedirect option', async () => {
+    // Note: In a browser environment with SAML enabled, signInWithSSO would
+    // automatically redirect to the SSO provider unless skipBrowserRedirect is true.
+    // This test verifies the option is accepted (actual redirect behavior cannot
+    // be tested in Node.js environment)
+    const { data, error } = await pkceClient.signInWithSSO({
+      providerId: 'valid-provider-id',
+      options: {
+        redirectTo: 'http://localhost:3000/callback',
+        skipBrowserRedirect: true,
+      },
+    })
+
+    // SAML is disabled in test environment, so we expect an error
+    expect(error).not.toBeNull()
+    expect(error?.message).toContain('SAML 2.0 is disabled')
+    expect(data).toBeNull()
+  })
+
   test.each([
     {
       name: 'with empty options',

Original file line number	Diff line number	Diff line change
`@@ -786,6 +786,12 @@ export type SignInWithSSO =`
`786`	`786`	`redirectTo?: string`
`787`	`787`	`/** Verification token received when the user completes the captcha on the site. */`
`788`	`788`	`captchaToken?: string`
	`789`	`+ /**`
	`790`	`+ * If set to true, the redirect will not happen on the client side.`
	`791`	`+ * This parameter is used when you wish to handle the redirect yourself.`
	`792`	`+ * Defaults to false.`
	`793`	`+ */`
	`794`	`+ skipBrowserRedirect?: boolean`
`789`	`795`	`}`
`790`	`796`	`}`
`791`	`797`	`\| {`
`@@ -797,6 +803,12 @@ export type SignInWithSSO =`
`797`	`803`	`redirectTo?: string`
`798`	`804`	`/** Verification token received when the user completes the captcha on the site. */`
`799`	`805`	`captchaToken?: string`
	`806`	`+ /**`
	`807`	`+ * If set to true, the redirect will not happen on the client side.`
	`808`	`+ * This parameter is used when you wish to handle the redirect yourself.`
	`809`	`+ * Defaults to false.`
	`810`	`+ */`
	`811`	`+ skipBrowserRedirect?: boolean`
`800`	`812`	`}`
`801`	`813`	`}`
`802`	`814`