Authentication on subdirectory #499
Comments
|
Hi there! Thanks for the detailed question and context. This isn't something we had time to test with Next.js 9.5 as NextAuth.js 3.0 released the same day, so there might well be a bug here. The configuration you have sounds right, and I would expect that to work.
|
|
Hey, thanks for the response! I'll get you that info below. A couple things I should mention maybe first:
Next: v9.4.4 Next Auth: v3.0.1
Next: v9.4.4 Next Auth: v2.2 I am not sure under what conditions, but I was able to get user data to load and https://mydomain.com/myapp/api/auth/session returned a session.
Next: v9.5 Next Auth: v2.2 (results are similar to Next: v9.4 Next Auth: v2.2 case)
Next: v9.5 Next Auth: v3.0.1 (results are similar to Next: v9.4 Next Auth: v3.0.1 case)
Apologies if these pictures aren't sufficient for showing the cookies. If there is a preferred way, I can get them to you in that manner. Also, I am just now figuring out how to add images so if taking a look at code snippets can help, I'll gladly provide. Thanks in advance for your help and time! |
|
EDIT 2: Cloudflare was the issue on Next Auth v2.2 (see EDIT 1 below). The issue I had with Next Auth v3.0.1 remains So I cleared cookies and rolled my production deployment to Next v9.5 and Next Auth v2.2 and began going over and proof reading my post above. Afterwards, I went back to my app and logged in and immediately got back user data and a session, https://webdeveloperbeau.com/recipemanager/api/auth/session returns a user session. I could navigate the site as well and the session remained. Here are the cookies the browser had at the time:
I signed out and cleared cookies just in case. Upon trying to sign in again, I don't get user data back and https://webdeveloperbeau.com/recipemanager/api/auth/session returns an empty session. So it seems to sometimes work but I don't know why? EDIT 1: Okay, I am almost sure my CDN cloudflare is causing the problem of getting back a session on Next Auth v2.2. When I manually clear cookies, purge my cloudflare cache, and then finally wait 30 seconds for cloudlfare to purge to take effect, I can sign in and get back user data and a session! Taking a closer look, it looks like a set a page rule on https://mydomain/* to cache EVERYTHING and that was causing conflicts. After deleting that page rule, things work smoothly in production now using Next Auth v2.2. |
|
@JSONJuggler This is incredibly complete, thank you for all the detail. I'm going to come back to this and see if there is anything we can write up to help folks out in future. I'd be interested to know if Next: v9.5 and Next Auth: v3.0.1 are playing nicely for you (sorry wasn't quite clear on that; I might just need to re-read the above; I will do that!). I'm also interested in any recommendations you have for things we could do (e.g. a debug page? better console logs?) that would make debugging something like this easier. |
|
Not a problem @iaincollins, thank you for creating such an awesome tool/library! I am currently using Next: v9.5 and Next Auth: v2.2 in production I tried Next: v9.5 and Next Auth: v3.0.1 in production and still had issues after removing aggressive Cloudflare caching Also on v3.0.1, incorrect credentials results in the login page being displayed again with a url of: https://mydomain.com/myapp/?callbackUrl=https://mydomain.com&error=CredentialsSignin when I expected the unbranded error page to show. Recommendations |
|
Correction: In all my above posts, NEXTAUTH_URL= https://mydomain.com/myapp/api/auth Also forgot to mention (incase this helps) And then i tried NEXTAUTH_URL= https://mydomain.com/myapp and these were the logs from Heroku: In both of the above cases on Next Auth v3.0.1, browser network tab looked the same: Browser network tab on Next Auth v2.2 |
|
Thank you, that's super useful! To confirm, I assume I'll have a go at creating an app like this that uses Next.js 9.5 and see if I can replicate! Will keep you updated. Thanks again for all the info you've provided. |
|
Any update on this - facing the same issue with nextJS 9.5 and next-auth 3.1.0 It seems to ignore my custom basePath and request auth from |
|
To replicate the problem with basePath just clone the example repo and add a module.exports = {
basePath: '/myapp'
}and a The app will show the frontpage at Server side everything looks ok. If you console logs {
baseUrl: 'http://localhost:3000',
basePath: '/myapp/api/auth',
keepAlive: 0,
clientMaxAge: 0,
_clientLastSync: 0,
_clientSyncTimer: null,
_eventListenersAdded: false,
_clientSession: undefined,
_clientId: 'bvip9uf3dxukfoco1ao',
_getSession: [Function: _getSession]
}
http://localhost:3000/myapp/api/authClient side this is the result By adding a NEXT_PUBLIC_NEXTAUTH_URL to the mix and changing var __NEXTAUTH = {
baseUrl: (0, _parseUrl.default)(process.env.NEXTAUTH_URL || process.env.NEXT_PUBLIC_NEXTAUTH_URL ||
process.env.VERCEL_URL).baseUrl,
basePath: (0, _parseUrl.default)(process.env.NEXTAUTH_URL || process.env.NEXT_PUBLIC_NEXTAUTH_URL).basePath,
keepAlive: 0,
clientMaxAge: 0,
_clientLastSync: 0,
_clientSyncTimer: null,
_eventListenersAdded: false,
_clientSession: undefined,
_clientId: Math.random().toString(36).substring(2) + Date.now().toString(36),
_getSession: () => {}
}It looks like everything works as wanted clientside as well. The best option would probably be to use NEXT_PUBLIC_NEXTAUTH_URL instead of NEXTAUTH_URL. All NEXT_PUBLIC_ envs are available clientside as well. That would however be a breaking change so I guess supporting both is a smoother start. |
|
Hey I just realized what the problem is, it's supported but recently realized the feature isn't documented. *facepalm* If you have a custom base path you can specify it client site this way: import { Provider } from 'next-auth/client'
export default function App ({ Component, pageProps }) => {
return (
<Provider session={pageProps.session}
options={{
basePath: `/custom-app/api/auth`
}}>
<Component {...pageProps} />
</Provider>
)
}You can absolute do what @zrrrzzt suggested (the client is happy to pick it up that way too). Many thanks to folks contributing to this thread. We'll need to update the docs. |
|
Sorry, forgot to mention that I tested the undocumented basePath i the Provider options yesterday. |
|
double sorry :-) I did not set the basePath the whole way down to the auth folder. Just re-read your comment @iaincollins and with the full path in Provider.options everything seems okay. |
|
Hi there! It looks like this issue hasn't had any activity for a while. It will be closed if no further activity occurs. If you think your issue is still relevant, feel free to comment on it to keep ot open. Thanks! |
|
Hi there! It looks like this issue hasn't had any activity for a while. To keep things tidy, I am going to close this issue for now. If you think your issue is still relevant, just leave a comment and I will reopen it. (Read more at #912) Thanks! |
|
An additional wrinkle in this problem. If you are using a basePath for your application, and after logging in you are redirected to We are working with Azure B2C, and created a custom provider based on a great example, https://benjaminwfox.com/blog/tech/how-to-configure-azure-b2c-with-nextjs. It worked like a charm until we needed to serve the application under a subdirectory. We tried setting The Answer: Why post changes next-auth's behavior? I do not know. (now I'm going to add some text that may help people find this). |
|
Please somebody help me. Next auth isn’t creating session token for me in production while it creates session token in local host. I can’t get what’s wrong. |
|
// .env file: // next.config.js |
|
Thanks @serbioortega |
Your question(s)
Is it possible to setup authentication of a single app on a subdirectory of a domain? I am having trouble getting next-auth to play nice with nextjs's ability to customize an app's basepath (before the recent update to nextjs 9.5 and after the update to 9.5).
What are you trying to do
Hello. I am working on authentication for an app on a subdirectory of a domain like https://mydomain.com/myapp. I hadn't gotten it working quite right yet and I suspect it is because of something weird going on with having my app have a custom basePath in production since it works fine in my dev environment running off of localhost:300 (I can't seem to get a non null session back at: https://mydomain.com/myapp/api/auth/session even after returning a user object in the authorize handler of the Credentials provider. Things work fine in development using http://localhost:3000).
Another issue I am having has very recently cropped up after updating to v3 from v2.2. On v3, getSession calls seem to hit: https://mydomain/api/auth/session (even after setting NEXTAUTH_URL=https://mydomain.com/myapp) and gets back 404 responses while on v2.2, getSession calls hit: https://mydomain/myapp/api/auth/session and gets back a null session. Any insight into this?
Documentation feedback
Documentation refers to searching through online documentation, code comments and issue history. The example project refers to next-auth-example.
The text was updated successfully, but these errors were encountered: