Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error thrown by client-side signIn(... ,{ redirect: false }) call using EmailProvider with isAllowedToLogin check in signIn callback #6899

Closed
ekillops opened this issue Mar 9, 2023 · 0 comments
Closed

Error thrown by client-side signIn(... ,{ redirect: false }) call using EmailProvider with isAllowedToLogin check in signIn callback #6899

ekillops opened this issue Mar 9, 2023 · 0 comments
Labels
question Ask how to do something or how something works

Comments

@ekillops
Copy link

ekillops commented Mar 9, 2023
edited
Loading

Question 💬

Background
I have set up a redirect-less email login workflow on one of the pages in my application using an EmailProvider and the Client API's signIn() method with the { redirect: false } flag set. Rather than redirect, I want to show 'verify-request' or 'unauthorized' messages using state flags and conditional display logic.

In the back-end, I have custom "isAllowedToLogin" logic in the signIn() callback that checks a whitelist and redirects to an /unauthorized page if the user's email is not whitelisted, following the example in the docs here (this is used in the normal sign in flow that does use redirects). This is working well for the flow with redirects but is throwing an error when the { redirect: false } flag is set. I am currently catching and handling the error as a workaround, but am looking for a way to prevent the error from being thrown and instead add logic to determine that the user was unauthorized from the signIn() response.

(see code samples below)

Error
When I attempt to sign in with an email that is not whitelisted (and set redirect: false), an error is thrown with the following message: "TypeError: Failed to construct 'URL': Invalid URL"

Is this a known issue? Is there a better way to set up a redirect-less flow like this?

How to reproduce ☕️

signIn() callback (following example from docs: https://next-auth.js.org/configuration/callbacks#sign-in-callback)

...
callbacks: {
  signIn: asyc ({ user  }) => {
    const isAllowedToSignIn = false; // checking `user.email` against an email address whitelist here
    if (isAllowedToSignIn) {
      return true
    } else {
      return '/unauthorized';
    }
  }
}
...

front-end signIn() call using redirect: false option (with catch() workaround)

  try {
    const data = await signIn('email', { email: '[email protected]', redirect: false });
    if (data?.ok) {
      // Logic to show a "check email" / verify-request message here
    }
  } catch (error) {
    if (error = "TypeError: Failed to construct 'URL': Invalid URL") {
      // Logic to display an "unauthorized" message here...
    }
  }

Environment variables
NEXTAUTH_URL=http://localhost:3000

Version
"next-auth": "^4.3.4",

Contributing 🙌🏽

Yes, I am willing to help answer this question in a PR
@ekillops ekillops added the question Ask how to do something or how something works label Mar 9, 2023
@nextauthjs nextauthjs locked and limited conversation to collaborators Mar 10, 2023
@balazsorban44 balazsorban44 converted this issue into discussion #6913 Mar 10, 2023

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Assignees
No one assigned
Labels
question Ask how to do something or how something works
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ekillops