Announcing the Beta Release of nextjs-auth0 SDK v4 🎉 #1808
Comments
|
Thank you for the beta release! Do you have any migration documentation or best practices available? |
|
@curry1337 we do have a comprehensive documentation that you can refer to- https://github.com/auth0/nextjs-auth0/blob/v4/README.md. Hope this helps! |
|
@brth31 The documentation is lacking a coherent migration strategy for those using earlier versions; so far advice from the only auth0 engineer in these threads has delivered application-breaking fixes that actually made our application less secure. I would disagree with the use of the word "comprehensive" in your previous comment, and I disagree with a product strategy that ignores what paying customers are telling you about this release's clear unreadiness for use in production environments. |
|
@brth31 Thanks, what about the Edge Runtime? Couldn't find anything about it in the Readme. Is import { Auth0Client } from "@auth0/nextjs-auth0/server" replacing the old edge? |
|
@curry1337 not representing auth0 or Vercel, but happy to help a fellow engineer: Vercel reverted all edge rendering back to Node.js seven months ago, so the distinction is currently moot from a practical standpoint (although the Edge API remains in the Next.js docs, so Edge rendering may return in time, so it makes sense you would want the auth0 adapter to ensure support for it). Hope this helps you and your team plan for the future! |
|
@johncarmack1984 Wow thanks so much for sharing, really appreciated! |
|
Is there, or will there be, a way to use this without middleware? Middleware only feels like more of a limitation, rather than a "feature". Update: After some testing, it seems like we're able to use the |
|
I have tried (albeit a bit “commending myself to god”) to implement from 0 in a totally clean project using the initial steps indicated in the “getting started” article of NextJS 15. I followed the steps they mention in v4 beta, but not only is it not entirely clear, but it didn't work for me. Is there any place where you can give a “practical” example or a test repo, or a sandbox to see how you implement it?
|
|
Hi @portal7, I have a project that will be deployed to NextJs 15, and the Auth0 SDK is delaying us. We're going to wait for version 1.0 of SDKv4. In the meantime, I created a basic example to see how it works. You can check it out to get an idea. |
Thanks!!! I really appreciate it, I'm going to try it out and then.... we'll see. |
|
Well, I downloaded it and tried to run it, but I have not been able to get it to work. (unfortunately, I don't have enough experience in JS development to be able to go deeper and investigate what would be the problem). |
|
Oh, this is because of npm i, many packages need to specify the version of React 19 to avoid that issue. |
|
@uprizingFaze , thanks for the clarification, I will read the explanation to improve my knoweldge. After rename and fil the values inside the .env.local values was able to run it with any other console error. But.... Same as my capture with a fresh-started project with the new package installed. |
|
It is likely due to the Auth0 environment variables or the URLs in the Auth0 dashboard. Dashboard of my example: |
|
Well, after configuring the variables again in auth0 with the indicated values (I registered a new app so as not to modify what I had) and it worked. The strange thing was that when I clicked on logout, I got an error that the value of the logout URL that I had passed was not valid. And this is my configuration on Auth0 this was fixed when I added http://localhost:3000 (what the Auth0 error page said) as an enabled value.
Thanks @uprizingFaze |
|
@portal7 Did you make sure your app in Auth0 is set as a 'Regular Application'? 'Settings -> Application Properties -> Application Type -> Regular Web Application' |
|
Hi @ctcooper , |
for next, you should use Regular Web Application: |
|
Is there any example of the new v4 working with org invitations? |
Hey, any news on a migration guide? |
|
@brth31 Could you please provide an update on when we can expect the stable release of v4? Our team has decided to wait for the stable release and not rely on the beta version. |
|
@curry1337 we are tentatively aiming to go GA later this month. I will share more updates closer to the release date. |
|
@brth31 Great! Thank you for replying so quickly. |
|
When I retrieve the AccessToken, the Payload section is missing. Is this issue occurring for anyone else? This happens both when setting up from scratch with beta9 and accessing /auth/access-token, as well as in projects updated from v3.5.0. In both cases, the Payload section is missing. |
|
@neptaco - I was not seeing the payload until I overwrote the |
|
@mcgaryes In v3.5.0, I used the environment variable AUTH0_AUDIENCE for the configuration, but in v4, it seems that this setting is no longer applied via environment variables. I’m not sure whether this change is intentional in v4 or if it’s a bug where environment variables are not being loaded. |
Docs seem to indicate this is now configured with manually setting up the client. Would be good for the migration one to indicate this needs to be adjusted if so!
Update: This seems to be not influencing to aforementioned bug. #1843 |
|
I also stumbled on the audience issue. Needed to supply it in the auth0 client initialization like @mcgaryes mentioned to get a valid payload in the JWT access token. Would be good to document this in the migration guide if it is intended. |
|
We noticed that with v4 Auth0 uses EDIT: |
Furthermore, right now you cannot use Middleware with OpenNext and Cloudflare. |
|
Next.js version: 15.1.0 Update: The Auth0 application must have at least one connection. The actual error was highlighted in the OAuth exchange. |
|
Any updates on how organization invites are used and implemented with v4? |
|
My kingdom for a migration guide. I've followed the Beta readme and am not succeeding. So many breaking changes, I think I need to see a bare bones example project from the authors. |
|
I'm almost ready to give the node package a try... https://github.com/auth0/node-auth0 In the time I've spent debugging auth0 for nextjs I might have been able to built my own auth provider. Some people found it easy. Others didn't. |
|
Is there any new GA target date? |
|
Is there something I need to do to get useUser() to stop pinging /auth/profile when I'm logged out. It seems like every 10 seconds it pings it even though it's unauthorized (I don't know if this is a bug or I'm doing something wrong, I'm literally just calling useUser()):
Edit, I think this has to do with the way I log out. In order for logout to work, I enabled RP-Initiated Logout End Session Endpoint Discovery. I notice that this unwanted pinging only starts happening after I first log out via a logout anchor url. But I still don't know whats being done wrong or how to fix it. |
I am getting this error, but I am using an application that in fact has a connection, so this is not the problem I think. Could it be something else? Is it possible that a cookie from v3 is not compatible with a cookie from v4? I am currently logged in with a user that was logged in using v3 while testing the upgrade. It would obviously be very bad if everyone had to logout to accomplish this upgrade. Edit: It turns out this was because the cookie shares the same name as the Clerk cookie, which is "__session". Deleting that session cookie fixed the problem. However it would be nice to be able to configure the cookie name! |
|
Hello, does the latest version support Preview URLs and Branch URLs on Vercel? The issue is having different domains, causing the redirect URI to mismatch. |
Use a |
|
This is getting ridiculous. When is the final version going to be available? What are we paying for? Hundreds of companies paying for these integrations and we are stuck with half baked release. |
@jamiebytebender I ended up evalutating Clerk as an alternative and it's a much better dev experience. |
|
Would it be possible to export types from the library, such as the |
|
Any thoughts on pulling the My original thought was to update my etc/hosts file, but this comes with its own challenges. It wont be an issue when we're on separate domains, but would be a huge DX improvement when developing locally. There are some other places that pull in environment variables so I think it would be a simple as: |
|
Any update on the timeline for the stable release of v4? |
@JordanHoffman I am noticing this too. Did you ever find a workaround for this? |
Unfortunately no. I'm just working on a personal project so it's not urgent for me, but I'm keeping my fingers crossed that in the final release it will go away. Hopefully some solution can be provided here. |
|
I have a feeling someone in the community is going to make their own community-backed library for Auth0 specifically bc their company selected Auth0 and they can't get out of it. The thought has crossed my mind more than thrice. |
It would make sense if Auth0 were free, but we're paying hundreds of dollars for it. We specifically chose Auth0 because it's a paid service and with that comes the expectation of better support. This is something Auth0 should be addressing directly - it's frustrating and disappointing that they're so unresponsive. |
|
Is there an updated expected release date for v4? It's been almost a month since the original announced release date has passed and multiple requests for an update. At least an update on what the status is would be appreciated. All of our other 3rd party sdks and libraries have pretty quickly updated to support React 19/ Next 15, but we are blocked on the upgrade due to this release. |
|
@brth31 can we get an update on the release date please? |
|
@jdwitten apologies for the delay. Security review and other release readiness tasks are taking us more time than we anticipated. We are unable to rush through these tasks considering this is a major version release with significant changes to the SDK internals. We're trying out best to release the GA this week. I appreciate your patience here. |
and others
Hello everyone,
We're thrilled to announce the beta release of nextjs-auth0 SDK v4! This new version brings significant improvements, new features, and fixes to enhance your development experience.
As we move forward, we will not be updating v3 of the SDK to support Next.js 15. This allows us to focus on v4, which offers a wealth of new features and improvements. This will also enable us to support future releases of Next.js faster and with more confidence. We understand this may pose challenges, and we're here to help.
v3 will continue to receive critical security updates for 6 months after the GA of v4.
📣 Highlights of v4 Beta
✍️ Try It Out and Provide Feedback
We invite you to explore the beta release and share your feedback to help us improve before the general availability release. We are currently targeting a general availability release by the end of December.
Beta Release: v4.0.0-beta.3
⛵ Need Help with Migration?
If you encounter challenges migrating to v4, please don't hesitate to open an issue and our team will assist you. We're committed to making the transition as smooth as possible.
Thank You for Your Support 🙌
We appreciate your understanding as we focus on making v4 the best it can be. Your feedback is invaluable, and we're here to support you every step of the way.
Happy coding! 🚀
— The Auth0 DX SDK Team
The text was updated successfully, but these errors were encountered: