
Application goes to 404 page after pressing browser back button in provider login page #1090

@Ziad-Ashraf-0

Description

Environment

🌍 Environment

  • @sidebase/nuxt-auth version: 1.1.1

  • Provider: authjs

  • Nuxt version: 4.x

  • Only reproducible in production build (nuxt build && nuxt preview)

    auth: {
      isEnabled: true,
      originEnvKey: 'AUTH_ORIGIN',
      baseURL: "/api/auth",
      provider: { type: 'authjs' },
    },

Reproduction

📋 Steps to reproduce

  1. Run nuxt build && nuxt preview (must be production build — does not reproduce in nuxt dev)
  2. Click Login → get redirected to SSO/external auth page
  3. Press Back in the browser
  4. Wait 60 seconds → observe a 404

Also, here is a fork; what I did fixed it, but I don't know why it happens with my custom provider and not with the GitHub provider, for example.

Ziad-Ashraf-0@dd9f5a7

After I debugged into it, I found that if I press Back in the browser and adjust the navigateToAuthPage timeout to 10 seconds, it goes to the login page after those 10 seconds using that router.push.

Describe the bug

When clicking Login, navigateToAuthPage sets window.location.href to the external SSO URL and starts a 60s timer as a fallback. If the user presses Back in the browser after being redirected to SSO, the app is restored from bfcache while the timer is still running. After 60s, router.push(ssoUrl) fires — but Vue Router doesn't know the external SSO URL, resulting in a 404.

Additional observation

The bug only reproduces with a custom OIDC provider, not with built-in providers like GitHub.

When using GitHub provider, pressing Back does not trigger the 404 — the timer appears to be cancelled correctly or the navigation completes fast enough.

With a custom OIDC provider (in our case an SSO using prompt=consent and offline_access scope), the bug is consistently reproducible in production builds.

Would appreciate it if someone could confirm whether the bfcache behaviour differs between built-in and custom providers, or whether I am using an incorrect configuration.

Additional context

No response

Well-Known OIDC Configuration

{
  "issuer": "https://sso.nafeza.local:4439",
  "authorization_endpoint": "https://sso.nafeza.local:4439/auth",
  "token_endpoint": "https://sso.nafeza.local:4439/token",
  "userinfo_endpoint": "https://sso.nafeza.local:4439/me",
  "jwks_uri": "https://sso.nafeza.local:4439/jwks",
  "end_session_endpoint": "https://sso.nafeza.local:4439/session/end",
  "introspection_endpoint": "https://sso.nafeza.local:4439/token/introspection",
  "revocation_endpoint": "https://sso.nafeza.local:4439/token/revocation",
  "pushed_authorization_request_endpoint": "https://sso.nafeza.local:4439/request",
  "grant_types_supported": ["implicit", "authorization_code", "refresh_token"],
  "response_types_supported": ["code id_token", "code", "id_token", "none"],
  "response_modes_supported": ["form_post", "fragment", "query", "jwt", "query.jwt", "fragment.jwt", "form_post.jwt"],
  "scopes_supported": ["openid", "offline_access", "audience", "profile", "nafeza_api", "mobile"],
  "claims_supported": ["sub", "aud", "profile", "organizations", "nafeza_api", "platform", "sid", "auth_time", "iss"],
  "subject_types_supported": ["public"],
  "code_challenge_methods_supported": ["S256"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_jwt", "client_secret_post", "private_key_jwt", "none"],
  "token_endpoint_auth_signing_alg_values_supported": ["HS256", "RS256", "PS256", "ES256", "Ed25519", "EdDSA"],
  "id_token_signing_alg_values_supported": ["ES256", "RS256"],
  "userinfo_signing_alg_values_supported": ["ES256", "RS256"],
  "dpop_signing_alg_values_supported": ["ES256", "Ed25519", "EdDSA"],
  "claims_parameter_supported": false,
  "request_uri_parameter_supported": false,
  "authorization_response_iss_parameter_supported": true,
  "backchannel_logout_supported": true,
  "backchannel_logout_session_supported": true,
  "claim_types_supported": ["normal"]
}
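
The failure mode reported above (a fallback timer that survives a bfcache restore and then hands an external SSO URL to router.push) can be guarded against as in the following added example. It is not code from the issue, the linked fork or @sidebase/nuxt-auth; the name `navigateExternal` and the injected `win`, `router` and `timers` parameters are assumptions made so the logic also runs outside a browser.

```javascript
// Added illustration; not @sidebase/nuxt-auth source. All names are hypothetical.
// `win`, `router` and `timers` are injected so the logic can run without a DOM.
function navigateExternal(url, { win, router, timers = globalThis, timeoutMs = 60000 }) {
  let timer = null

  const cancel = () => {
    if (timer !== null) {
      timers.clearTimeout(timer)
      timer = null
    }
    win.removeEventListener('pageshow', onPageShow)
  }

  // pageshow with persisted === true means the page was restored from bfcache,
  // i.e. the user came back; the pending fallback is stale and must not fire.
  function onPageShow(event) {
    if (event.persisted) cancel()
  }

  // Decide once whether the target is an in-app route or another origin.
  const isSameOrigin = (() => {
    try {
      return new URL(url, win.location.origin).origin === win.location.origin
    } catch {
      return false
    }
  })()

  win.addEventListener('pageshow', onPageShow)
  timer = timers.setTimeout(() => {
    cancel()
    // Only in-app URLs go to the client-side router; an external IdP URL is
    // not a route and would resolve to the application's 404 page.
    if (isSameOrigin) router.push(url)
    else win.location.href = url
  }, timeoutMs)

  win.location.href = url
  return { cancel, isPending: () => timer !== null }
}
```

In a browser this would be called as `navigateExternal(ssoUrl, { win: window, router })`.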

Labels: bug (A bug that needs to be resolved), pending (An issue waiting for triage)
