Skip to content

HTTP interceptor emits error when interaction_required error is returned #926

Description

@mmawhinney

Checklist

Description

Similar to #429, I have a post-login action that redirects the user to my application. On that page, we collect user information and send a request to our backend to validate the input. Since the user was redirected and is not logged in, we set allowAnonymous: true on the route in the interceptor config to allow unauthenticated requests.

The issue is that the same redirect is encountered during the silent authentication performed by the interceptor and an interaction_required error is returned. This error type isn't handled in the allowAnonymous method in the interceptor, so the error is emitted by the error$ observable.

We never need this endpoint to be called with authentication, so we had a workaround of passing cacheMode: 'cache-only' to the tokenOptions setting, but that is also broken in recent versions of this library due to changes in #752 (in cache-only mode, getTokenSilently returns undefined if there is nothing in the cache so calling tokenOrResponse.accessToken throws an error).

Reproduction

  1. Have a post-login action that redirects the user to an application
  2. Set allowAnonymous: true on an API endpoint
  3. Call the above endpoint from the page the user was redirected to
  4. The /authorize call should return an interaction_required error

Additional context

No response

auth0-angular version

2.9.0

Angular version

21.2.x

Which browsers have you tested in?

Firefox, Chrome

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugThis points to a verified bug in the code

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions