-
-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
signIn callbackUrl contains a # at the end? #532
Comments
I have the same issue, after signin (http://localhost:3000/#) and logout not working when I have # at the end. |
As a workaround, I'm returning the baseUrl from the redirect callback:
|
Nevermind. that still appends the hash at the end. weird |
Hmm I don't see this issue on the example site. Can you replicate this with the example project? I wonder, is your sign in link an |
@iaincollins I'm using Google provider. It might be something similar to what FB is doing? |
@iaincollins You can replicate the bug using the demo site by logging in via google provider |
Thanks! That's super weird because we don't even use the URL state from OAuth providers to store the URL (because not all providers support callback URLs NextAuth.js handles them itself). That is so odd that it only seems to happen with some providers (e.g. I don't see it with Twitter?). I wonder if if it's some bizzare browser behaviour where the OAuth provider page adds it and the browser decides to persist the # symbol on the redirect URL. I THINK I can think of workaround / fix for that, if that is what is going on... |
@iaincollins Yes, seems to not happen with firefox. But seems to happen with safari and chrome |
This seems to be a long held behaviour with Google OAuth: |
When login adds a hash to the url then hitting Signout button isn't refreshing the screen. It is logging out but a user can't tell. Is there any workaround to remove the hash being added by providers like Google to the browser url after callback? |
I'm currently using |
Hello. I am facing the same issue. When I login with Google it appends a '#' at the end of the url. When hitting the signout button nothing happens (no page refresh), so the user is not really sure if the web app really logged out. This behaviour was encountered on Chrome and Edge (which is Chromium based). On the other hand using Firefox the '#' in the end doesn't get appended. Similar behaviour seems to appear with Facebook as well which appends '#=' at the end of the url and also prevents the signout to reload the page. Do you have any tips on what may cause this or/and possible fixes? |
A solution could be to check in _app.js if the router.asPath ends with a "#" and push to the router.pathname _app.js import { useEffect } from "react";
function MyApp({ Component, pageProps, router }) {
useEffect(() => {
if (router.asPath.endsWith("#")) router.push(router.pathname);
});
return (...)
} Works for me for now but haven't tested thoroughly... |
A bit of googling and I discovered there's a lot of discussion about the standards/browsers view on preserving or not fragments e.g. #... on redirects (302). If you trace the network calls you can clearly see that no # is specified in the 'location' response cookie set by NextAuth on redirect using callbackUrl value, but the #_ =_ (in case of FB) is retained. |
A workaround and one I'm using is: 1 - In my ProectRouter component I send the path of the page that the user tried to access to / login as query params. protectRouter.tsx
2 - On the login page I build the callback url as follows, sending the user to an auxiliary redirection page, passing as query params the url he will return to (the url he tried accesses without login) : login.tsx
3 - And finally on the redirect page I push the route described in the query params redirect.tsx
|
🎉 This issue has been resolved in version 3.3.1 🎉 The release is available on: Your semantic-release bot 📦🚀 |
The issue is still valid on my end. Only that if there is no transition, the hash will malform the rest of the query. |
This issue is still present as of v4 with Google provider |
Using
|
I don't know how, but the following code fixes FB login redirect to
Enjoy |
Still present on Safari only for signin. Signout and Chrome working fine. "next-auth": "4.24.5" |
Please refer to the documentation, the example project and existing issues before creating a new issue.
Your question
A clear and concise question.
When signing in via a provider, the callbackUrl sometimes contains an # at the end. Can't seem to find the reason. help?
The text was updated successfully, but these errors were encountered: