New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Entire site withAuth
middleware with custom login routes
#4848
Comments
withAuth
middleware with custom login routes
I'm also experiencing this issue running My
Removing the For reference, I'm using the example custom signin screen from the NextAuth docs:
|
I have investigated this, and I could reproduce it with just the following: import { type NextRequest, NextResponse } from "next/server"
export async function middleware(req: NextRequest) {
if (req.nextUrl.pathname !== "/login") {
req.nextUrl.pathname = "/login"
return NextResponse.redirect(req.nextUrl)
}
} Which means this is not a NextAuth.js bug, but rather something in Next.js. I notified the team, please keep an eye on a Next.js update on this. |
Thank you for the prompt response @balazsorban44 😄 |
Thank you @balazsorban44 and @benderham 😄 I'm running into this issue as well. It seems it is blocking the ability to use a custom login page with middleware. Is there an issue reported against NextJS somewhere for tracking purposes? Where should we look for an update? |
So further investigation shows this is because we don't handle requests against This is because Middleware is now invoked against all requests, not just I'll reopen this for now. |
If its helpful, I am also encountering this on a custom sign in page
|
|
So I corrected myself, and this is not an upstream issue, but rather the consequence of Next.js running Middleware for all requests, not just for pages, which is a better/more secure default. Probably the solution here is to bail out early when requests are going to
|
Yeah, it's running the middleware on all requests because there is no For now we can do the following: import { withAuth } from "next-auth/middleware";
export default withAuth({
callbacks: {
authorized: async ({ req }) => {
const pathname = req.nextUrl.pathname;
if (pathname.startsWith("/_next") || pathname === "/favicon.ico") {
return true;
}
return false;
},
},
pages: {
signIn: [path_to_custom_signIn_page],
},
}); Perhaps someone can create a PR to have the condition added to the withAuth middleware. |
Thanks @dimbslmh, I've updated the above to include a check for the import { withAuth } from 'next-auth/middleware';
export default withAuth({
callbacks: {
authorized: async ({ req, token }) => {
const pathname = req.nextUrl.pathname;
if (pathname.startsWith('/_next') || pathname === '/favicon.ico')
return true;
if (token) return true;
return false;
},
},
pages: {
signIn: '/login',
},
}); |
An Please give it a try! |
I tried the import { withAuth } from 'next-auth/middleware';
export default withAuth({
pages: {
signIn: '/',
signOut: '/auth/signout',
error: '/auth/error',
},
}); |
Hi I am trying to use middleware to protect every possible route, is there a one line code using matcher to protect any route? Thanks.
but what shows up is an infinite loop url with error message: "localhost redirected you too many times." |
|
import { withAuth } from "next-auth/middleware";
export default withAuth({
callbacks: {
authorized: async ({ req, token }) => {
const pathname = req.url;
console.log("pathnaem ", pathname);
if (token) return true;
if (pathname === "http://localhost:3000/api/login") return true;
return false;
},
},
pages: {
signIn: "/login",
error: "/error",
},
}); i've done for this issue, i think you use backend at the same nextjs project so the backend url for login page is also blocked with middleware, i suggest define your backend api in withauth authorized callback and return true if login backend url is hit or any api url's to perform login proccess then issue will gone. |
Environment
System:
OS: Linux 5.15 Ubuntu 20.04.4 LTS (Focal Fossa)
CPU: (16) x64 AMD EPYC 7B13
Memory: 13.58 GB / 62.81 GB
Container: Yes
Shell: 5.0.17 - /bin/bash
Binaries:
Node: 16.15.1 - ~/.nvm/versions/node/v16.15.1/bin/node
Yarn: 1.22.19 - ~/.nvm/versions/node/v16.15.1/bin/yarn
npm: 8.11.0 - ~/.nvm/versions/node/v16.15.1/bin/npm
npmPackages:
next: 12.1.7-canary.51 => 12.1.7-canary.51
next-auth: latest => 4.8.0
react: ^18 => 18.2.0
Reproduction URL
https://github.com/justinforlenza/nextauth-example
Describe the issue
When using the middleware to require users to login (For entire site not just specific matches) with custom login routes. It causes syntax errors because JS files are being returned as the index html file
How to reproduce
Expected behavior
User should be presented with login page when not authenticated
The text was updated successfully, but these errors were encountered: