Auth0 iframe in unauthenticated routes

Hi, I’m wondering why an Auth0 iframe is present in routes marked as “no authentication”. This iframe is generating 400 Bad Request under the hood and make the page so slow.

This is my config (Redwood 5.2.3, node 18):

I added useAuth={useAuth} to the Router, but the Redwood Auth documentation is not clear about it (sometimes this property was added to Router but other times it was not).

/* web/src/Routes.js  */

const Routes = () => {
  return (
    <Router useAuth={useAuth}>
      // I want no auth on this page.
      <Route path="/register-device/{token}" page={RegisterDevicePage} name="registerDevice" />
      // Private routes.      
      <Set private unauthenticated="login" wrap={WorkspaceLayout}>    
    <Router />

The page RegisterDevicePage just calls the mutation EnrollDevice:

/* web/src/pages/RegisterDevicePage/RegisterDevicePage.js */

const ENROLL_DEVICE = gql`
  mutation EnrollDevice($input: EnrollDeviceInput!) {
    enrollDevice(input: $input) {

This mutation is tagged with skipAuth:

/* api/src/graphql/devices.sdl.js */ 

enrollDevice(input: EnrollDeviceInput!): Device! @skipAuth

The problem

When I access to my page, it takes a lot of time to load and call the mutation and I see an IFrame with the Auth0 stuff:

Also, I see a Bad Request regarding authentication issues:

Why is all this happening in pages and mutations where authentication is not required? Is it possible to remove all this overkill Auth0 stuff?

After spending a long time, I finally found the issue:

  • I’m developing on my local environment and setup the Auth0 tenant with http://localhost:8910.
  • I found the issue when accesing instead of localhost.
  • When accessing the non-protected page a wrong Auth0 iframe is present.
  • If I access http://localhost:8910/register-device averything works as expected (no Auth0 iframe).

Hope it helps others facing this.

1 Like