Critical auth bug: redirectTo ignored when using signInWithSSO

[IdrisCelik]

Describe the bug

Describe the bug
When using signInWithSSO, the redirectTo option is ignored. Instead of redirecting to the provided URL, the user is redirected to the URL configured in the Supabase dashboard or in config.toml.

According to the documentation, the redirectTo parameter should determine where the user is redirected after authentication. This works correctly for signInWithOAuth, but not for signInWithSSO.

---

To Reproduce
Steps to reproduce the behavior:

1. Call signInWithSSO with a redirectTo parameter.
2. Observe that the payload sent to /auth/v1/sso correctly contains the redirect_to field.
3. After authentication, the redirect goes to the default dashboard/config URL instead of the provided one.

Payload that gets sent correctly has redirect_to not sure what skip http redirect does but Supabase js includes that in the payload as well?

{
  "code_challenge": null,
  "code_challenge_method": null,
  "provider_id": "*******",
  "redirect_to": "https://app.***.nl/foo/bar",
  "skip_http_redirect": true
}

The user should be redirected to the URL specified in redirectTo after successful authentication, as is the case with signInWithOAuth. Instead they get sent to the configured url in the dashboard.

Library affected

auth-js

Reproduction

No response

Steps to reproduce

No response

System Info

System:
    OS: Windows 11 10.0.26100
    CPU: (16) x64 AMD Ryzen 7 7840HS w/ Radeon 780M Graphics     
    Memory: 2.21 GB / 15.29 GB
  Binaries:
    Node: 22.18.0 - C:\nvm4w\nodejs\node.EXE
    npm: 11.5.2 - C:\nvm4w\nodejs\npm.CMD
    pnpm: 10.19.0 - C:\nvm4w\nodejs\pnpm.CMD
  Browsers:
    Chrome: 142.0.7444.134
    Edge: Chromium (139.0.3405.102)
  npmPackages:
    @supabase/supabase-js: ^2.80.0 => 2.80.0
    supabase: ^2.54.11 => 2.54.11

Used Package Manager

pnpm

Logs

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guidelines.
• Read the docs.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Make sure this is a Supabase JS Library issue and not an issue with the Supabase platform. If it's a Supabase platform related bug, it should likely be reported to supabase/supabase instead.
• Check that this is a concrete bug. For Q&A open a GitHub Discussion or join our Discord Chat Server.
• The provided reproduction is a minimal reproducible example of the bug.

[IdrisCelik]

Thanks a lot @mandarini , this solved a big issue for us and a lot of confusion haha!

[IdrisCelik]

If you got the time, would appreciate it if you could checkout supabase/auth#2271 which is another, relatively simple, SAML issue that we couldn't workaround.

[mandarini]

Thank you for the contribution @IdrisCelik ! :D

I'll check the other issue, but since it's not a bug, I will not prioritize for now, but will definitely keep it under my radar!! Thank you again so much!!