How to authenticate without using window.open

[peteremiljensen]

Hi, how is it possible to use this library with only redirects? Such that the frontend doesn't need to call window.open but simply redirect to /auth/<provider>/login.

It seems to respond with a failed to get token - token cookie was not presented: http: named cookie not present. Probably due to the handshake cookie, which is a session-only, is cleared due to the location change.

[umputun]

the redirect-based flow should work fine, this is what the from param is for. the library sets a handshake cookie during /login and reads it back on /callback.

the error you're seeing suggests the cookie isn't making it through the oauth redirect. a few things to check:

1. SameSite setting - if you have SameSite set to Strict, cookies won't be sent on the callback since it's a redirect from an external site. it should be Lax (browser default) or None (requires Secure: true / HTTPS)

2. SecureCookies on HTTP - if SecureCookies: true but you're testing on http://localhost, the cookie won't be set at all. either use HTTPS or set SecureCookies: false for local dev

3. browser dev tools - check the Network tab on the /login request to see if the Set-Cookie header is present, and whether the cookie is actually stored (Application → Cookies)

4. Safari/iOS - these have stricter cookie policies that might block the cookie in some configurations

btw, the handshake cookie is always session-only (MaxAge: 0), which should persist across redirects within the same browser session. the issue is more likely in the cookie configuration than in using redirects vs window.open.

what's your SameSite and SecureCookies configuration? and are you testing on HTTP or HTTPS?