Skip to content

Fix isolation of login flows when Using Multiple AuthProvider Instances#327

Open
kavindadimuthu wants to merge 3 commits intoasgardeo:mainfrom
kavindadimuthu:fix/provider-login-race
Open

Fix isolation of login flows when Using Multiple AuthProvider Instances#327
kavindadimuthu wants to merge 3 commits intoasgardeo:mainfrom
kavindadimuthu:fix/provider-login-race

Conversation

@kavindadimuthu
Copy link
Contributor

@kavindadimuthu kavindadimuthu commented Jan 22, 2026
edited
Loading

This pull request fix the isolation of login flows when Using Multiple AuthProvider Instances. The changes ensure that authentication flows and storage are correctly scoped to each instance, preventing conflicts when multiple auth clients are used in the same application. The update also adds utilities to detect if the current URL is intended for a specific instance.

Key changes include:

Multi-auth instance support in authClient:

  • Updated the legacy AsgardeoAuthClient to use an instance property for instanceID instead of a static class property, ensuring each client instance is independent. Storage keys and state parameters now include the correct instanceId. [1] [2] [3] [4]

URL utilities and authentication flow:

  • Added the hasCalledForThisInstanceInUrl utility to check if the current URL's state parameter matches the expected instance, and exported it from the browser SDK. [1] [2]
  • Updated the useBrowserUrl React hook and AsgardeoProvider to use the new utility, ensuring authentication callbacks are processed only by the correct client instance. [1] [2] [3] [4] [5]

Related Issues

Related PRs

Checklist

  • Followed the CONTRIBUTING guidelines.
  • Manual test round performed and verified.
  • Documentation provided. (Add links if there are any)
  • Unit tests provided. (Add links if there are any)

Security checks

This was referenced Jan 23, 2026
Open
Open
@kavindadimuthu kavindadimuthu force-pushed the fix/provider-login-race branch from f3b7233 to 2e893ab Compare February 2, 2026 08:54
brionmario
brionmario previously approved these changes Feb 3, 2026
View reviewed changes
DonOmalVindula
DonOmalVindula reviewed Feb 3, 2026
View reviewed changes
packages/javascript/src/__legacy__/client.ts
authRequestConfig['client_secret'] = configData.clientSecret;
}

authRequestConfig['state'] = 'instance_' + this.getInstanceId() + '-' + configData.clientId;
Copy link
Contributor

@DonOmalVindula DonOmalVindula Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it better to include this in a separate variable? @brionmario

@asgardeo-github-bot
Copy link

asgardeo-github-bot commented Feb 5, 2026

⚠️ No Changeset found

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go.

If these changes should result in a version bump, you need to add a changeset.

Refer Release Documentation to learn how to add a changeset.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DonOmalVindula DonOmalVindula DonOmalVindula left review comments

@brionmario brionmario brionmario left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

bug: Fail to isolate login flows when Using Multiple Nested AuthProvider Instances with unique instanceID

4 participants

@kavindadimuthu @asgardeo-github-bot @brionmario @DonOmalVindula