feat(middleware): support custom cookieName (#4385)

* feat: Add the support of custom cookieName on the next-auth/middleware * chore: Only accept used params based on NextAuthConfig * docs: Remove duplicated docs Co-authored-by: Balázs Orbán <info@balazsorban.com>
nextauthjs · May 31, 2022 · 7d8cc70 · 7d8cc70
1 parent 75602a3
commit 7d8cc70
Showing 1 changed file with 22 additions and 3 deletions.
diff --git a/packages/next-auth/src/next/middleware.ts b/packages/next-auth/src/next/middleware.ts
@@ -1,5 +1,5 @@
 import type { NextMiddleware, NextFetchEvent } from "next/server"
-import type { Awaitable, NextAuthOptions } from ".."
+import type { Awaitable, CookieOption, NextAuthOptions } from ".."
 import type { JWT, JWTOptions } from "../jwt"
 
 import { NextResponse, NextRequest } from "next/server"
@@ -22,6 +22,22 @@ export interface NextAuthMiddlewareOptions {
    */
   pages?: NextAuthOptions["pages"]
 
+  /**
+   * You can override the default cookie names and options for any of the cookies
+   * by this middleware. Similar to `cookies` in `NextAuth`.
+   * 
+   * Useful if the token is stored in not a default cookie.
+   * 
+   * ---
+   * [Documentation](https://next-auth.js.org/configuration/options#cookies)
+   *
+   * - ⚠ **This is an advanced option.** Advanced options are passed the same way as basic options,
+   * but **may have complex implications** or side effects.
+   * You should **try to avoid using advanced options** unless you are very comfortable using them.
+   *
+   */
+  cookies?: Partial<Record<keyof Pick<keyof NextAuthOptions["cookies"], "sessionToken">, Omit<CookieOption, "options">>>
+
   /**
    * If a custom jwt `decode` method is set in `[...nextauth].ts`, the same method should be set here also.
    * 
@@ -30,7 +46,6 @@ export interface NextAuthMiddlewareOptions {
    */
   jwt?: Partial<Pick<JWTOptions, "decode">>
 
-
   callbacks?: {
     /**
      * Callback that receives the user's JWT payload
@@ -91,7 +106,11 @@ async function handleMiddleware(
     return NextResponse.redirect(errorUrl)
   }
 
-  const token = await getToken({ req, decode: options?.jwt?.decode })
+  const token = await getToken({
+    req,
+    decode: options?.jwt?.decode,
+    cookieName: options?.cookies?.sessionToken?.name
+  })
 
   const isAuthorized =
     (await options?.callbacks?.authorized?.({ req, token })) ?? !!token