This repository was archived by the owner on Sep 8, 2025. It is now read-only.
This repository was archived by the owner on Sep 8, 2025. It is now read-only.
GoTrue-py: redirect_to parameter incorrectly passed in SSO authentication #670
Description
Bug report
- I confirm this is a bug with Supabase, not with my own application.
- I confirm I have searched the Docs, GitHub Discussions, and Discord.
Describe the bug
In the sign_in_with_sso method of the GoTrue client, the redirect_to parameter is incorrectly being passed as a separate parameter to the _request method instead of being included in the request body. This could cause issues with SSO redirects not working as expected.
To Reproduce
The current implementation in the GoTrue client looks like this:
return self._request(
"POST",
"sso",
body={
"domain": domain,
"skip_http_redirect": skip_http_redirect,
"gotrue_meta_security": {
"captcha_token": "",
},
},
redirect_to=redirect_to, # <-- Issue: redirect_to as separate parameter
xform=parse_sso_response,
)The redirect_to should instead be included in the request body:
return self._request(
"POST",
"sso",
body={
"domain": domain,
"skip_http_redirect": skip_http_redirect,
"gotrue_meta_security": {
"captcha_token": "",
},
"redirect_to": redirect_to, # <-- Fix: include in body
},
xform=parse_sso_response,
)Expected behavior
The redirect_to parameter should be included in the request body to ensure proper handling of SSO redirects, consistent with the GoTrue API expectations.
System information
- Version of auth-py: [2.11.2]
Additional context
This issue affects both the domain-based and provider-based SSO authentication flows. The same fix should be applied to both cases in the sign_in_with_sso method.