Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide NEXTAUTH_SECRET via options to withAuth #4838

Closed
sean-nicholas opened this issue Jul 5, 2022 · 9 comments 路 Fixed by #4846
Closed

Provide NEXTAUTH_SECRET via options to withAuth #4838

sean-nicholas opened this issue Jul 5, 2022 · 9 comments 路 Fixed by #4846
Labels
documentation Relates to documentation enhancement New feature or request good first issue Good issue to take for first time contributors middleware Related to middleware

Comments

@sean-nicholas
Copy link
Contributor

Description 馃摀

NextAuth has the possibility to get the secret passed by its options. It would be great to have that for withAuth, too. Currently withAuth only accepts the secret via env vars. We don't store our secrets in env vars and now we have to patch process.env to get withAuth to run.

I'm happy to create a PR. Just wanted to know upfront if there is any reason why secret can not be passed to withAuth.

How to reproduce 鈽曪笍

Possible in NextAuth:

export default NextAuth({
  secret: '馃',
})

Would be great to have this, too:

export default withAuth(middleware, {
  secret: '馃',
})

Contributing 馃檶馃徑

Yes, I am willing to help implement this feature in a PR
@sean-nicholas sean-nicholas added enhancement New feature or request triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime. labels Jul 5, 2022
@balazsorban44
Copy link
Member

Just curious, how do you provide environment variables to your code then?

@sean-nicholas
Copy link
Contributor Author

sean-nicholas commented Jul 5, 2022
edited

They are encrypted in the repo and are getting decrypted at runtime (decryption secret is provided via env var). We save them as .env file. But because vercel middleware does not support .env files (because fs is not supported) we save them as .ts file for the middleware.

Reasons:

  • We have a mono repo with many apps and don't want to set env vars for every project on different providers (we use vercel, serverless, and a bunch more).
  • In the past we have forgotten to set env vars and pushed code that did not work. That won't happen anymore ;)

@balazsorban44 balazsorban44 added documentation Relates to documentation good first issue Good issue to take for first time contributors and removed triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime. labels Jul 5, 2022
@balazsorban44
Copy link
Member

balazsorban44 commented Jul 5, 2022
edited

Sounds good then, thanks for explaining! I think we can consider this. 馃憤

Changes needed are here:

next-auth/packages/next-auth/src/next/middleware.ts

Line 105 in 4d4c276

if (!process.env.NEXTAUTH_SECRET) {

next-auth/packages/next-auth/src/next/middleware.ts

Line 86 in 4d4c276

}

And the wording in the docs:

https://next-auth.js.org/configuration/nextjs#prerequisites

https://next-auth.js.org/configuration/options#nextauth_secret

Especially the last one, as we should probably not consider removing this option after all.

Want to open a PR? 馃檪

@balazsorban44 balazsorban44 added the middleware Related to middleware label Jul 5, 2022
@sean-nicholas
Copy link
Contributor Author

Yes. Will open a PR in the next few days :)

@sean-nicholas sean-nicholas mentioned this issue Jul 5, 2022
Merged
3 tasks
@sean-nicholas
Copy link
Contributor Author

PR created 鈽猴笍 #4846

@sean-nicholas
Copy link
Contributor Author

@balazsorban44 Thank you very much. This was a great developer experience. Really quick answers and merge 馃ぉ. Keep up the great work :)

@adenugbamichael
Copy link

Pls am a beginner my withAuth file is not passing the any secret, the page is just blank

@adenugbamichael
Copy link

My withAuth Component////////////////////////////////////////////////////////////
////////////////////////////////////------------------------------------------

export default function (Component) {
return class withAuth extends React.Component {
renderProtectedPage() {
const { isAuthenticated } = this.props.auth

  if (isAuthenticated) {
    return <Component {...this.props} />
  } else {
    return (
      <BaseLayout {...this.props.auth}>
        <BasePage>
          <h1>
            You are not authenticated. Please Login to access this page.
          </h1>
        </BasePage>
      </BaseLayout>
    )
  }
}

render() {
  return
  this.renderProtectedPage()
}

}
}

@adenugbamichael
Copy link

class Secret extends React.Component {
render() {
debugger

return (
  <BaseLayout {...this.props.auth}>
    <BasePage>
      <h1>I am Secret Page</h1>
      <p>Secret Content Here</p>
    </BasePage>
  </BaseLayout>
)

}
}

export default withAuth(Secret)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation Relates to documentation enhancement New feature or request good first issue Good issue to take for first time contributors middleware Related to middleware
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Secret Option in Middleware sean-nicholas/next-auth
3 participants
@sean-nicholas @balazsorban44 @adenugbamichael