Hi team,
A really strange issue has just popped up for us today. One of our apps is infinitely redirecting after login and we can't figure out why.
Everything was working on Friday, and we haven't done any deployments since then, but now any user of the app is stuck in an infinite redirect loop.
More strange is that this is only happening on a single app in a single env.
Have there been any changes that we should be aware of?
no, we have 2 environments, with 2 apps in each.
Only 1 app in the production env has suddenly broken
are you able to provide a link to your public authentication? or screenshots of what the errors are showing in the browser console?
There are no errors in the browser console that I can see, it's just instantly redirecting. Strangely enough though it only seems to be happening to some users. I just signed up with a new user and it didn't happen, which makes it look like it might be related to business logic. It's just a bit odd given it came out of nowhere
But just wanted to check to see if anything had changed at this stage, if not we'll take a look on our side
Ok, I've spent some time digging into it and it's starting to look like a potential issue on your side, more than happy to be proven wrong.
Hi are you able to share an id or email address of a user this is an issue for please?
https://jwt.io/ is showing it correctly, but when running that function in the browser this is what I'm getting:
InvalidCharacterError: Failed to execute 'atob' on 'Window': The string to be decoded is not correctly encoded.
at :3:23
at mn (:16:5455)
Thanks, can you confirm:
standard email and password.
No MFA
The redirect appears to occur somewhere in your SDK. It's not making it to my callback
I have a token from a working user and a non working user. Is there a way for me to share them securely with you?
Ok, some good news. I've just tried updating @kinde-oss/kinde-auth-react from 3.0.20 to 4.0.1 and that appears to have done the trick
Attempting a deploy now to see if this is fixed on production, difficult to verify on localhost as prod APIs are blocking
Still worth looking into on your side, the fact that random tokens can't be decoded is pretty concerning
OK that's good to know, we'll continue to investigate the issue in the earlier version. Could you send a revised JWT token for the user that was previously broken if possible please?
Hi team, has there been any update on this? Appreciate that updating the client has fixed it, but I'm pretty concerned that this occurred and we had no notification about it, and it took me digging into your client side SDK to resolve it
Hey thanks for the detailed breakdown. shared the two tokens with me, I've run the old decoder logic on both of them and they both seem to parse fine in the browser (tested Firefox and Chrome), which browser was badToken failing to parse in?
Hi Dave,
Can you share the code you're using to parse them? I tested it in multiple browsers (chrome, firefox, safari) and they're all producing the same result
const response = JSON.parse(atob(goodUserToken.split(".")[1]))
This is the parsing code in the previous version of the SDK
I'm getting the same results when I step through your SDK and paste into the browser console, the functions are fairly standard so I wouldn't expect any differences in their internal implementation
Hmm I used this also and parsing was fine for both
const response = JSON.parse(atob(goodUserToken.split(".")[1]))
Not sure what else I can say mate. I've had it confirmed happening on multiple browsers across multiple users and multiple tokens