Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

URL Redirection Error on Authentication Failure (Middleware file) #10824

Closed
mdfaizanahmed786 opened this issue May 5, 2024 · 7 comments
Closed

URL Redirection Error on Authentication Failure (Middleware file) #10824

mdfaizanahmed786 opened this issue May 5, 2024 · 7 comments
Labels
documentation Relates to documentation

Comments

@mdfaizanahmed786
Copy link

mdfaizanahmed786 commented May 5, 2024
edited

Describe the issue

Page URL: https://authjs.dev/getting-started/session-management/protecting#nextjs-middleware

import { auth } from "app/auth";

export default auth((req) => {
if (!req. auth) {
const url = req.url.replace(req.nextUrl.pathname, "/login")
return Response.redirect(url)
}
});

This redirects to the incorrect URL path if no session: http://login/localhost:3000/

Approach to Fix

Can use a similar standard approach

import { NextResponse } from 'next/server'
import type { NextRequest } from 'next/server'

// This function can be marked async if using await inside
export function middleware(request: NextRequest) {
return NextResponse.redirect(new URL('/home', request.url))
}

Expected behavior

It should redirect to http://localhost:3000/login
@mdfaizanahmed786 mdfaizanahmed786 added bug Something isn't working triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime. labels May 5, 2024
@sfsajid91
Copy link

This issue is found after upgrading Next.js to 14.2.

The current solution is to downgrade Next.js for now

@mdfaizanahmed786
Copy link
Author

@sfsajid91 so, let this issue be opened?

@sfsajid91
Copy link

Let the issue be opened till the fix

@oyal
Copy link

oyal commented May 25, 2024
edited

I tried to do this, but got stuck in infinite redirection:

import { auth } from '@/auth'

export default auth((req) => {
  if (!req.auth) {
    const url = new URL('/auth/sign-in', req.nextUrl.origin)
    return Response.redirect(url)
  }
})

export const config = {
  matcher: ['/((?!api|_next/static|_next/image|favicon.ico).*)'],
}

"next": "14.2.3",
"next-auth": "^5.0.0-beta.18",

image

@ThangHuuVu
Copy link
Member

@oyal to avoid infinite redirection, you'll need to exclude /login from the middleware

export const config = {
  matcher: ['/((?!/auth/sign-in|api|_next/static|_next/image|favicon.ico).*)'],
}

@ThangHuuVu ThangHuuVu added documentation Relates to documentation and removed bug Something isn't working triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime. labels May 26, 2024
@ThangHuuVu
Copy link
Member

@mdfaizanahmed786 seems like a documentation issue to me. The example code is wrong

    // input: 'http://localhost:3000/', output: 'http:/auth/signin/localhost:3000/' 
    const url = req.url.replace(req.nextUrl.pathname, "/auth/signin")

It should use the syntax new URL() like your "Approach to fix" section instead. And it isn't related to next version.

@ThangHuuVu
Copy link
Member

Closing as duplicated, as it was fixed in #10815

@ThangHuuVu ThangHuuVu closed this as not planned Won't fix, can't repro, duplicate, stale May 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation Relates to documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ThangHuuVu @mdfaizanahmed786 @oyal @sfsajid91