Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

with-middleware-auth-required and basePath #1329

Closed
6 tasks done
ZacharySchaffter opened this issue Jul 28, 2023 · 2 comments
Closed
6 tasks done

with-middleware-auth-required and basePath #1329

ZacharySchaffter opened this issue Jul 28, 2023 · 2 comments
Labels
enhancement New feature or request

Comments

@ZacharySchaffter
Copy link

ZacharySchaffter commented Jul 28, 2023
edited
Loading

Checklist

Description

There was an original bug reported here in #1062 that with-middleware-auth-required doesn't prepend the basePath. The solution was to append a static returnUrl.

We would like users to be redirected to the page they had tried to access prior to being redirected, which limits our ability to use the static returnTo solution.

This is causing issues for our setup similar to that original issue — our app serves distinct nextjs apps at different paths (e.g. app1 is served from domain.com/app1, and app2 is served from domain.com/app2). This means that redirects from nextjs-auth0 are redirecting users to a different application following successful login.

Expectation

Users should be redirected back to the original URL they were redirected from.

Possible Solution

The NextRequest.nextUrl property provides a basePath variable that seems to be set to the initial route paramer. Appending it to the NextResponse.redirect() url appears to fix this issue.

const { pathname, origin, search, basePath } = req.nextUrl;
{...}
new URL(`${login}?returnTo=${encodeURIComponent(`${basePath}${pathname}${search}`)}`, origin)

Are there any known reasons the NextRequest.nextUrl.basePath value shouldn't/couldn't be used here?

Reproduction

  • Set a basePath in the next.config
  • Update api paths in nav.tsx, layout.tsx, and env to include the basepath
  • Run app
  • Access the profile-middleware route to be redirected to universal login
  • Authenticate via universal login
  • Verify you're redirected back to the original URL, but with the base path omitted.

Additional context

nextjs-auth0 version

3.0.0

Next.js version

13.4.10

Node.js version

18.16.0
@adamjmcgrath
Copy link
Contributor

Hi @ZacharySchaffter - thanks for raising this

Are there any known reasons the NextRequest.nextUrl.basePath value shouldn't/couldn't be used here?

I can't think of one - will leave this open as an enhancement

@adamjmcgrath adamjmcgrath added the enhancement New feature or request label Jul 31, 2023
@adamjmcgrath adamjmcgrath mentioned this issue Aug 3, 2023
Merged
@adamjmcgrath
Copy link
Contributor

Hi @ZacharySchaffter

I've merged #1342 which should resolve your issue, once it's been released you can do:

withMiddlewareAuthRequired({ returnTo: ({ nextURL }) => `${nextURL.basePath}${nextURL.pathname}${nextURL.search}`});

I couldn't change the behaviour of the method itself in a minor release because it might break users that have worked around this limitation in the past (by customizing the login or callback handlers)

I'll publish the minor release later this week

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@adamjmcgrath @ZacharySchaffter