You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I started developing a small project using svelte5 where I am using auth.js as authentication using microsoft-entra-id provider. It works very well locally simply on visual studio code and also ok the hosted version of the app.
Then I decided to give a try to continue development with these vibe-coding tools, and here's where problems started.
I am using Google firebase studio, which is an hosted IDE identical to vscode, with the possibility to let Gemini understand and propose changes to the codebase.
Of course, since it's an hosted environment, once I run npm run dev, instead of going to localhost, I can browse the dev version on some firebase's URL, exposing the localhost of the hosted IDE, nothing strange.
However the problem is that as soon as I click on the signin button, instead of being redirected to the usual login.microsoft.com URL related with the tenant, I immediately get a POST failure with 403 forbidden error code. This relates with a post request made to the signin endpoint (Auth/signin/provider?), and looking at the error message this relates with CORS as it seems blocked by cross origin policy.
So this doesn't seem to have anything to do with my configuration of the provider, as it really never reaches the initialisation of the OAuth flow.
I am using the standard Auth handle, everything is just by the book.
Did you experience the same in the past? How did you solve it? Can this be solved or should I just make a mocked implementation of the Auth callback to mimic the behaviour in development?
I looked everywhere for similar situations but failed to find anything useful, I also tried prompting all AIs.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
I started developing a small project using svelte5 where I am using auth.js as authentication using microsoft-entra-id provider. It works very well locally simply on visual studio code and also ok the hosted version of the app.
Then I decided to give a try to continue development with these vibe-coding tools, and here's where problems started.
I am using Google firebase studio, which is an hosted IDE identical to vscode, with the possibility to let Gemini understand and propose changes to the codebase.
Of course, since it's an hosted environment, once I run npm run dev, instead of going to localhost, I can browse the dev version on some firebase's URL, exposing the localhost of the hosted IDE, nothing strange.
However the problem is that as soon as I click on the signin button, instead of being redirected to the usual login.microsoft.com URL related with the tenant, I immediately get a POST failure with 403 forbidden error code. This relates with a post request made to the signin endpoint (Auth/signin/provider?), and looking at the error message this relates with CORS as it seems blocked by cross origin policy.
So this doesn't seem to have anything to do with my configuration of the provider, as it really never reaches the initialisation of the OAuth flow.
I am using the standard Auth handle, everything is just by the book.
Did you experience the same in the past? How did you solve it? Can this be solved or should I just make a mocked implementation of the Auth callback to mimic the behaviour in development?
I looked everywhere for similar situations but failed to find anything useful, I also tried prompting all AIs.
Many thanks
Beta Was this translation helpful? Give feedback.
All reactions