Need to set NEXTAUTH_URL dynamically as an Option for multi-domain/multi-tenant use #9785
Replies: 148 comments
-
Server has a Lines 47 to 50 in 12a5d6b JWT. GetToken can be custom though: Lines 94 to 103 in 8115a7c And, for the client: Lines 24 to 26 in 8115a7c These are the references I found. @iaincollins I can try to fork and attempt a hack on my side, since I really need to solve this. If you can advise how to go about it, it would be awesome. It seems you intend to refine/refactor this at some point, as stated above. Above three are the only references I found. Any help is really appreciated. |
Beta Was this translation helpful? Give feedback.
-
Okay, so I managed to fork and make server-side work! Looking into the client side now... I added to server: const { origin } = absoluteUrl(req)
// @todo refactor all existing references to site, baseUrl and basePath
const parsedUrl = parseUrl(process.env.NEXTAUTH_URL || origin || process.env.VERCEL_URL) and export const absoluteUrl = (req) => {
var protocol = "https:"
var host = req
? req.headers["x-forwarded-host"] || req.headers["host"]
: window.location.host
if (host.indexOf("localhost") > -1 || host.indexOf(".local") > -1) {
protocol = "http:"
}
return {
protocol: protocol,
host: host,
origin: protocol + "//" + host,
}
} |
Beta Was this translation helpful? Give feedback.
-
Hi Sharad, If you are seeing this error there is likely problem with your build process or how you are linking to the libraries. You'd need to post and link to the repo before we can help with that. Regarding the wider question of supporting domains dynamically, this is something we don't support currently. I don't have an update on this I'm ready to share right now, but I hope there will be an update on this at some point in the coming weeks. |
Beta Was this translation helpful? Give feedback.
-
Thanks Iain, yes I am trying to get my head around this. I also started my own Adapter, based on your prisma adapter... to support multi-tenancy in database. Pretty much everything you have as-is, plus associating users with a Business (tenant) record. Excellent work with next-auth. So helpful. |
Beta Was this translation helpful? Give feedback.
-
We really need this as well, as we have a multi-tenant Next app in the works. It seems like you could take in a callback function in the |
Beta Was this translation helpful? Give feedback.
-
Our application is multi-tenant as well. We also need(ed) this feature. |
Beta Was this translation helpful? Give feedback.
-
I also need this to be able to properly setup salesforce as a custom oAuth2 provider:
There are cases where the user will need to specify their "subdomain" in order to be able to login. |
Beta Was this translation helpful? Give feedback.
-
I've tried to address this here: skilesare@86ea3de It may need some changes....and I only really focused on the session call back because I needed to get some data based on the domain in the session, but the pattern should be easy to follow for the other callbacks. Basically the request (req) just needs to be passed to these callbacks so that you can key in on the domain/sub domain. The other potential gotcha is the http vs https so if anyone has a suggestion for that, let me know. If any one wants to walk me through how to get this set up so that it can eventually be pulled in, let me know as well...haven't contributed to projects this big before and don't want to step on any toes. |
Beta Was this translation helpful? Give feedback.
-
Our application is multi-tenant as well. We also need(ed) this feature. I would like to be able to simply set the redirect_url in the provider options |
Beta Was this translation helpful? Give feedback.
-
One good reason to think to support multi-tenant is that nex-auth is likely to be deployed on vercel. On vercel each deployment has several domains (a lot more if the user defined aliases). Since this is a project for next.js, supporting Vercel looks natural to me. |
Beta Was this translation helpful? Give feedback.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
-
To anyone reading this, please stop +1 issues, it is really not helpful, and creates noise. 😕 If you have nothing constructive to add, do click "👍" on the original comment instead. |
Beta Was this translation helpful? Give feedback.
-
The problem with AUTH_TRUST_HOST is that it doesn't respect basePath option of nextjs. And it's because parse-url uses defaultUrl in when AUTH_TRUST_HOST is |
Beta Was this translation helpful? Give feedback.
-
it is big problem , because NEXTAUTH_URL is for client side url, and client side url could be multi domain, it would be cause wrong domain redirect , so baseUrl should not be static variable , or maybe set a option in authOptions to change baseUrl |
Beta Was this translation helpful? Give feedback.
-
@wildfrontend I see there is quite big refactor in v5 regarding this. I was referring to v4. The parse-url is gone and instead I see: Also I was talking about backend api/auth/providers not respecting basePath option and generating callback and redirect url without basePath. If your issue is on client side. You can get basePath from runtime config in _app.tsx:
in next.config.js you can set basePath from env param and also expose same value for runtime config (used in _app.tsx - as above)
|
Beta Was this translation helpful? Give feedback.
-
Very ugly workaround for v4 basePath issue when AUTH_TRUST_HOST is true: Since req.origin is set by toInternalRequest function (detectOrigin) reading x-forwarded-host header and then req.origin is used in parseUrl, but since x-forwarded-host doesn't contain any paths, we need to add it, so parseUrl respects basePath. pages\api\auth[...nextauth].ts
|
Beta Was this translation helpful? Give feedback.
-
Hey guys, (@mauron85, @wildfrontend) https://www.skcript.com/blog/how-to-build-multi-tenant-auth-nextjs |
Beta Was this translation helpful? Give feedback.
-
Any workaround for |
Beta Was this translation helpful? Give feedback.
-
|
Beta Was this translation helpful? Give feedback.
-
@balazsorban44 Given the fact that this issue is by far the most upvoted one and was opened three years ago, I would like to kindly ask if it is possible to get a bit more attention? |
Beta Was this translation helpful? Give feedback.
-
Vercel published a multi-tenant |
Beta Was this translation helpful? Give feedback.
-
Same question on the v5 front, trying to accomplish this and the NextAuth default export no longer accepts the |
Beta Was this translation helpful? Give feedback.
-
Short Answer: It's not supported. Some devs may find a work around but if you don't know what you're doing then please look for an alternative option. I wasted a lot of time looking for it and, in the end, had to look for an alternative option. Clerk Auth supports it otherwise go for a custom auth solution. |
Beta Was this translation helpful? Give feedback.
-
i solve this issue by adding edit SessionProvider and add baseUrl and basePath (baseURL + '/api/auth') to get baseUrl you can use this code
|
Beta Was this translation helpful? Give feedback.
-
A solution for My requirement is to support multiple domains from one Nextjs build (thirteen different county domains). For each domain I need separate NextAuth Provider configuration because each domain will authenticate with different providers. For example, the configuration I will basis this on will look a little like:
As I have different domains I have not set the I dynamically generate the [...nextauth]/route.ts
I'm using Auth0 as the authentication Provider, this is the following Provider definition (reduced for brevity) returned dynamically:
Finally, I had to set
Any feedback or potential issues with this approach are appreciated! |
Beta Was this translation helpful? Give feedback.
-
I still don't understand how little support for this is given from Vercel. |
Beta Was this translation helpful? Give feedback.
-
We faced quite the same problem. Our project is hosted on several subdomains:
Authorization flow works perfectly fine on Step 1. Step 2.
There is a huge disadvantage to this approach. You cannot customize the handler itself. There is no function body where you can insert your own custom code. Therefore, we suggest rewriting the file as follows:
It works exactly the same while being more flexible. Every auth request goes through this 'middleware'. Here we're going to dynamically set the
Step 3.
The first
Step 4. After completing the previous steps, your authorization flow should work fine. If you're concerned about the rest of the code, you can follow these tutorials: part1 and part2. However, you may encounter a bug: when different users from different computers log in at the same time, their redirect URLs after successful login may get mixed up, and, as a result, users may end up in someone else's subdomain. Because of that users see Step 5.
Avoid using |
Beta Was this translation helpful? Give feedback.
-
Your question
How to dynamically work with Passwordless/Email auth, without setting NEXTAUTH_URL.
What are you trying to do
I am working on a use-case where NEXTAUTH_URL is not fixed at deploy-time or build-time, but run-time, for a multi-domain (single codebase) scenario. This is to have Email passwordless only.
I have had good success with next-auth other providers for usual scenarios, and absolutely love the simplicity.
Feedback
I tried to browse around the code to get a sense of dependency of the deploy-time NEXTAUTH_URL, and it seems that it is use only to define the Url for
sendVerificationRequest
. If there was a way to pass it as an option, it would do it.Please advise, whats the best approach.
Beta Was this translation helpful? Give feedback.
All reactions