Skip to content

fix(ui): prevent infinite spinner on factor-two without active 2FA session #7774

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
nikosdouvlis wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix(ui): prevent infinite spinner on factor-two without active 2FA session #7774

nikosdouvlis wants to merge 2 commits into from

Conversation

@nikosdouvlis
Copy link
Member

@nikosdouvlis nikosdouvlis commented Feb 5, 2026
edited by coderabbitai bot
Loading

Summary

Users navigating directly to /sign-in#/factor-two without an active sign-in requiring 2FA would see an infinite loading spinner. This adds a status check to redirect them back to sign-in start, matching the existing pattern in SignInFactorOne.

  • Added useEffect to SignInFactorTwo that redirects when signIn.status is null, needs_identifier, or needs_first_factor
  • Dependency array only includes __internal_setActiveInProgress (not signIn.status) to avoid flash during valid sign-in completion

Why not signIn.status !== 'needs_second_factor'?

That condition catches complete status, causing a flash to the sign-in page before the final redirect. By explicitly checking for invalid statuses only, we avoid interfering with the normal sign-in completion flow.

Test plan

  • Direct navigation to /sign-in#/factor-two without active sign-in → redirects to sign-in start
  • Valid MFA sign-in flow → completes without flash to sign-in page

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Bug Fixes

    • Fixed an infinite loading spinner when navigating directly to the two-factor authentication sign-in page without an active 2FA session; users are now redirected to the correct sign-in step.

  • Chores

    • Relaxed commit message validation from failing to warning for subject-case violations to reduce CI failures while keeping guidance.

@vercel
Copy link

vercel bot commented Feb 5, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
clerk-js-sandbox Ready Ready Preview, Comment Feb 6, 2026 9:35am

Request Review

@changeset-bot
Copy link

changeset-bot bot commented Feb 5, 2026
edited
Loading

🦋 Changeset detected

Latest commit: aecc1b5

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
@clerk/ui Patch
@clerk/chrome-extension Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 5, 2026
edited
Loading

Caution

Review failed

The head commit changed during the review from 48f40bc to fa494da.

📝 Walkthrough

Walkthrough

Adds a patch changelog entry noting a fix for an infinite loading spinner on the factor-two sign-in route. Updates SignInFactorTwo to import runtime Clerk hooks and a router, and adds a useEffect that redirects to the sign-in start path when mounted if signIn.status is null, 'needs_identifier', or 'needs_first_factor', unless an active in-progress operation exists; it skips redirect when status is 'complete'. commitlint's subject-case rule was relaxed from error to warning.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: fixing an infinite spinner issue on the factor-two sign-in route when there's no active 2FA session. It's specific, concise, and directly reflects the primary fix in the changeset.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Comment @coderabbitai help to get the list of available commands and usage tips.

@nikosdouvlis
fix(ui): prevent infinite spinner on factor-two without active 2FA se…
6b510af 
…ssion

Why:
Users navigating directly to /sign-in#/factor-two without an active
sign-in requiring 2FA would see an infinite loading spinner because
there was no status check to redirect them back to sign-in start.

What changed:
Added useEffect to SignInFactorTwo that redirects to sign-in start
when signIn.status is null, needs_identifier, or needs_first_factor.
Matches the existing pattern in SignInFactorOne.

Key detail: dependency array only includes __internal_setActiveInProgress
(not signIn.status) to avoid triggering redirect during valid sign-in
completion when status changes to null.
@nikosdouvlis nikosdouvlis force-pushed the nikos/fix-factor-two-infinite-spinner branch from 5b2e2e4 to 6b510af Compare February 5, 2026 16:11
@pkg-pr-new
Copy link

pkg-pr-new bot commented Feb 5, 2026
edited
Loading

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7774

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7774

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7774

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7774

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7774

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7774

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@7774

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7774

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7774

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7774

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7774

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7774

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7774

@clerk/react

npm i https://pkg.pr.new/@clerk/react@7774

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7774

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7774

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7774

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7774

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@7774

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7774

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7774

commit: aecc1b5

@alexcarpenter alexcarpenter mentioned this pull request Feb 5, 2026
Closed
1 task
@nikosdouvlis
chore(repo): downgrade subject-case commitlint rule to warning
aecc1b5 
Acronyms like 2FA, SSO, JWT in commit subjects trigger false positives
with the strict case check.
@nikosdouvlis nikosdouvlis mentioned this pull request Feb 6, 2026
Merged
@nikosdouvlis nikosdouvlis force-pushed the nikos/fix-factor-two-infinite-spinner branch from fa494da to aecc1b5 Compare February 6, 2026 11:54
@nikosdouvlis nikosdouvlis mentioned this pull request Feb 6, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@octoper octoper octoper approved these changes

@wobsoriano wobsoriano wobsoriano approved these changes

Assignees

No one assigned

Labels

clerk-js core-3

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nikosdouvlis @octoper @wobsoriano