fix(auth): add automatic browser redirect to signInWithSSO (#1849)

mandarini · web-flow · commit 01e1948fd97b · 2025-11-11T13:48:14.000+02:00
diff --git a/packages/core/auth-js/src/GoTrueClient.ts b/packages/core/auth-js/src/GoTrueClient.ts
@@ -1334,6 +1334,12 @@ export default class GoTrueClient {
         headers: this.headers,
         xform: _ssoResponse,
       })
+
+      // Automatically redirect in browser unless skipBrowserRedirect is true
+      if (result.data?.url && isBrowser() && !params.options?.skipBrowserRedirect) {
+        window.location.assign(result.data.url)
+      }
+
       return this._returnResult(result)
     } catch (error) {
       if (isAuthError(error)) {
diff --git a/packages/core/auth-js/src/lib/types.ts b/packages/core/auth-js/src/lib/types.ts
@@ -788,6 +788,12 @@ export type SignInWithSSO =
         redirectTo?: string
         /** Verification token received when the user completes the captcha on the site. */
         captchaToken?: string
+        /**
+         * If set to true, the redirect will not happen on the client side.
+         * This parameter is used when you wish to handle the redirect yourself.
+         * Defaults to false.
+         */
+        skipBrowserRedirect?: boolean
       }
     }
   | {
@@ -799,6 +805,12 @@ export type SignInWithSSO =
         redirectTo?: string
         /** Verification token received when the user completes the captcha on the site. */
         captchaToken?: string
+        /**
+         * If set to true, the redirect will not happen on the client side.
+         * This parameter is used when you wish to handle the redirect yourself.
+         * Defaults to false.
+         */
+        skipBrowserRedirect?: boolean
       }
     }
 
diff --git a/packages/core/auth-js/test/GoTrueClient.test.ts b/packages/core/auth-js/test/GoTrueClient.test.ts
@@ -3100,6 +3100,25 @@ describe('SSO Authentication', () => {
     expect(data).toBeNull()
   })
 
+  test('signInWithSSO should support skipBrowserRedirect option', async () => {
+    // Note: In a browser environment with SAML enabled, signInWithSSO would
+    // automatically redirect to the SSO provider unless skipBrowserRedirect is true.
+    // This test verifies the option is accepted (actual redirect behavior cannot
+    // be tested in Node.js environment)
+    const { data, error } = await pkceClient.signInWithSSO({
+      providerId: 'valid-provider-id',
+      options: {
+        redirectTo: 'http://localhost:3000/callback',
+        skipBrowserRedirect: true,
+      },
+    })
+
+    // SAML is disabled in test environment, so we expect an error
+    expect(error).not.toBeNull()
+    expect(error?.message).toContain('SAML 2.0 is disabled')
+    expect(data).toBeNull()
+  })
+
   test.each([
     {
       name: 'with empty options',

Original file line number	Diff line number	Diff line change
`@@ -788,6 +788,12 @@ export type SignInWithSSO =`
`788`	`788`	`redirectTo?: string`
`789`	`789`	`/** Verification token received when the user completes the captcha on the site. */`
`790`	`790`	`captchaToken?: string`
	`791`	`+ /**`
	`792`	`+ * If set to true, the redirect will not happen on the client side.`
	`793`	`+ * This parameter is used when you wish to handle the redirect yourself.`
	`794`	`+ * Defaults to false.`
	`795`	`+ */`
	`796`	`+ skipBrowserRedirect?: boolean`
`791`	`797`	`}`
`792`	`798`	`}`
`793`	`799`	`\| {`
`@@ -799,6 +805,12 @@ export type SignInWithSSO =`
`799`	`805`	`redirectTo?: string`
`800`	`806`	`/** Verification token received when the user completes the captcha on the site. */`
`801`	`807`	`captchaToken?: string`
	`808`	`+ /**`
	`809`	`+ * If set to true, the redirect will not happen on the client side.`
	`810`	`+ * This parameter is used when you wish to handle the redirect yourself.`
	`811`	`+ * Defaults to false.`
	`812`	`+ */`
	`813`	`+ skipBrowserRedirect?: boolean`
`802`	`814`	`}`
`803`	`815`	`}`
`804`	`816`