auth0 · subhankarmaiti · Oct 1, 2025 · Oct 1, 2025 · Oct 1, 2025
@@ -54,10 +54,20 @@ export interface IWebAuthProvider {
     options?: NativeClearSessionOptions | WebClearSessionOptions
   ): Promise<void>;
 
+  /**
+   * Retrives the authenticated user's profile information.
+   *
+   * @remarks
+   * This method fetches the user's profile from the Auth0 session if available.
+   *
+   * @returns A promise that resolves with the user's profile information, or null if not authenticated.
+   */
+  getWebUser(): Promise<User | null>;
+
   /**
    * Checks the user's session and updates the local state if the session is still valid.
    */
-  checkWebSession(): Promise<User | null>;
+  checkWebSession(): Promise<void>;
 
   /**
    * Cancels an ongoing web authentication transaction.

@@ -55,6 +55,7 @@ export const Auth0Provider = ({
           window?.location?.search?.includes('state=');
         if (hasRedirectParams) {
           try {
+            user = await client.webAuth.getWebUser();
             // If it does, handle the redirect. This will exchange the code for tokens.
             await client.webAuth.handleRedirectCallback();
             // Clean the URL
@@ -68,7 +69,8 @@ export const Auth0Provider = ({
             dispatch({ type: 'ERROR', error: e as AuthError });
           }
         } else if (typeof window !== 'undefined') {
-          user = await client.webAuth.checkWebSession();
+          await client.webAuth.checkWebSession();
+          user = await client.webAuth.getWebUser();
         }
       } else if (await client.credentialsManager.hasValidCredentials()) {
         try {

@@ -29,7 +29,11 @@ export class NativeWebAuthProvider implements IWebAuthProvider {
     throw new AuthError('NotImplemented', webAuthNotSupported);
   }
 
-  async checkWebSession(): Promise<User | null> {
+  async checkWebSession() {
+    throw new AuthError('NotImplemented', webAuthNotSupported);
+  }
+
+  async getWebUser(): Promise<User | null> {
     throw new AuthError('NotImplemented', webAuthNotSupported);
   }
 

@@ -86,7 +86,7 @@ export class WebWebAuthProvider implements IWebAuthProvider {
       await this.client.logout({
         logoutParams: {
           federated: parameters.federated,
-          returnTo: parameters.returnToUrl,
+          returnTo: parameters.returnToUrl || window?.location?.origin,
         },
       });
     } catch (e: any) {
@@ -111,14 +111,17 @@ export class WebWebAuthProvider implements IWebAuthProvider {
     }
   }
 
-  async checkWebSession(): Promise<User | null> {
-    await this.client.checkSession();
+  async getWebUser(): Promise<User | null> {
     const spaUser: SpaJSUser | undefined = await this.client.getUser();
     // convert this to a User
     const user = this.convertUser(spaUser);
     return user;
   }
 
+  async checkWebSession() {
+    await this.client.checkSession();
+  }
+
   async cancelWebAuth(): Promise<void> {
     // Web-based flows cannot be programmatically cancelled. This is a no-op.
     return Promise.resolve();

@@ -193,7 +193,7 @@ describe('WebWebAuthProvider', () => {
 
       expect(mockSpaClient.logout).toHaveBeenCalledWith({
         logoutParams: {
-          returnTo: undefined,
+          returnTo: 'http://localhost',
           federated: undefined,
         },
       });
@@ -204,7 +204,7 @@ describe('WebWebAuthProvider', () => {
 
       expect(mockSpaClient.logout).toHaveBeenCalledWith({
         logoutParams: {
-          returnTo: undefined,
+          returnTo: 'http://localhost',
           federated: undefined,
         },
       });