withMiddlewareAuthRequired hardcodes the returnTo path #1062

Closed
7 tasks done
pstoica opened this issue Feb 11, 2023 · 3 comments
Labels
question Further information is requested

Comments

@pstoica

pstoica commented Feb 11, 2023

Checklist

  • The issue can be reproduced in the sample app (or N/A).
  • I have looked into the README and have not found a suitable solution or answer.
  • I have looked into the examples and have not found a suitable solution or answer.
  • I have looked into the API documentation and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Description

I have a basePath configured on my project which interferes with the middleware function's returnTo:

    new URL(`${login}?returnTo=${encodeURIComponent(`${pathname}${search}`)}`, origin)

This doesn't look configurable as it's always using the pathname of the request, which omits the basePath.

Reproduction

  1. Set a basePath
  2. Use withMiddlewareAuthRequired
  3. Note that not having permissions will redirect you to /, not /:basePath

SDK version

2.2.1

Next.js version

12.3.3

Node.js version

17.8.0

@adamjmcgrath
Contributor

Hi @pstoica - thanks for raising this

Can you tell me a bit more about your use case? In what circumstances would your middleware not be on the same domain as the /login and /callback routes?

Also, apologies for late replies - I'm away at the moment.

As a workaround for the time being you can use getSession to create your own middleware.

    import { getSession } from '@auth0/nextjs-auth0/edge';
    import { NextResponse } from 'next/server';

    export default async function middleware(req) {
      // ...
      const res = NextResponse.next();
      const loggedIn = !!(await getSession(req, res));
      // ...
    }

@adamjmcgrath adamjmcgrath added the question Further information is requested label Feb 14, 2023
@pstoica
Author

pstoica commented Feb 14, 2023

Hi! I actually have two apps on the same domain; the second app is under the basePath.

Login and callback are on both apps and function fine. The variables are also shared. The only problem is, going to the subapp unauthenticated will redirect you to the main app (then you log in and end up on the main app).

I was able to work around this by adding an extra returnTo:

    login: `${process.env.BASE_PATH}/api/login?returnTo=${process.env.BASE_PATH}`,

This prevents the original returnTo from happening, but ends up in the query param. This is totally fine for now!

@adamjmcgrath
Contributor

Hi @pstoica - please continue to use your workaround. I don't want to change the default base url handling for the middleware - but I'll continue to monitor this use case in case we need to make something configurable
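
A custom middleware built on the getSession workaround from this thread has to construct its own login redirect. The following is an added example, not code from the SDK or from either participant: it re-adds the basePath to both the login route and returnTo, and falls back to the app root when the resulting returnTo would resolve off-origin. The function names and the `app.example` host are hypothetical; `/api/login` is taken from the workaround above.

```javascript
// Hypothetical helpers (not part of @auth0/nextjs-auth0).

// Accept '' or a path such as '/docs'; reject values that could change the host.
function normalizeBasePath(basePath) {
  if (!basePath || basePath === '/') return '';
  if (!/^\/(?![/\\])[^\\?#\s]*$/.test(basePath)) {
    throw new Error(`invalid basePath: ${basePath}`);
  }
  return basePath.replace(/\/+$/, ''); // drop trailing slashes
}

// True only for paths that resolve to the same origin
// ('//host' and '/\host' resolve to a different host and are refused).
function isSameOriginPath(path, origin) {
  try {
    return path.startsWith('/') && new URL(path, origin).origin === origin;
  } catch {
    return false;
  }
}

// pathname/search are the request values the middleware sees, which omit the basePath.
function buildLoginRedirect({ origin, pathname, search = '', basePath = '', loginPath = '/api/login' }) {
  const base = normalizeBasePath(basePath);
  const candidate = `${base}${pathname}${search}`;
  // Fall back to the app root rather than forwarding an off-origin returnTo.
  const returnTo = isSameOriginPath(candidate, origin) ? candidate : `${base}/`;
  const url = new URL(`${base}${loginPath}`, origin);
  url.searchParams.set('returnTo', returnTo); // handles the encoding
  return url.toString();
}

// Constructed sample input: sub-app mounted under /docs on a shared domain.
const sample = buildLoginRedirect({
  origin: 'https://app.example',
  pathname: '/reports',
  search: '?tab=1',
  basePath: '/docs',
});
console.log(sample);
```

In a middleware, the result would be passed to `NextResponse.redirect` when `getSession` returns no session.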
