Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redirect to a custom signIn and signout signOut pages isn't working with domain names #12350

Open
qstyler opened this issue Dec 6, 2024 · 2 comments
Open

Redirect to a custom signIn and signout signOut pages isn't working with domain names #12350

qstyler opened this issue Dec 6, 2024 · 2 comments
Labels
bug Something isn't working triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.

Comments

@qstyler
Copy link

qstyler commented Dec 6, 2024

Environment

  System:
    OS: macOS 15.1.1
    CPU: (10) arm64 Apple M1 Max
    Memory: 891.56 MB / 32.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 20.11.0 - /usr/local/bin/node
    Yarn: 1.22.22 - /opt/homebrew/bin/yarn
    npm: 10.2.5 - /opt/homebrew/bin/npm
    pnpm: 8.15.7 - /opt/homebrew/bin/pnpm
  Browsers:
    Chrome: 131.0.6778.109
    Edge: 131.0.2903.86
    Safari: 18.1.1
  npmPackages:
    @auth/unstorage-adapter: ^2.0.0 => 2.7.4
    next: latest => 15.0.4
    next-auth: beta => 5.0.0-beta.25
    react: ^18.2.0 => 18.3.1

Reproduction URL

https://github.com/qstyler/next-auth-example/blob/main/auth.ts#L61

Describe the issue

When you give your signIn custom page values with the full domain name next-auth will not respect that and will fall into an infinite redirect loop.
I relied on this behaviour in the v4 and I expect it to keep working in v5.

How to reproduce

Add a custom signIn page to next-auth configuration:

  pages: {
    signIn: 'http://localhost:3000/any-page-will-break'
  },

Go to the protected resource (middleware-example in your example)

➜  ~ curl -I http://localhost:3000/middleware-example
HTTP/1.1 307 Temporary Redirect
location: /http://localhost:3000/any-page-will-break?callbackUrl=http%3A%2F%2Flocalhost%3A3000%2Fmiddleware-example

The location header will have a slash at the beginning. You will either get into an infinite loop or get a 404 message depending on your settings.

Expected behavior

Redirect correctly to the provided full URL of the page. Without a slash.

location: http://localhost:3000/any-page-will-break?callbackUrl=http%3A%2F%2Flocalhost%3A3000%2Fmiddleware-example
@qstyler qstyler added bug Something isn't working triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime. labels Dec 6, 2024
@nic-vo
Copy link

nic-vo commented Dec 7, 2024

I think you need to use relative paths instead of absolute. If you pass in { pages: { signIn: "/page_name" }} instead, the config should work both in your dev environment and wherever it's deployed.

Servers and browsers generally understand that paths starting with a / are all relative to the domain

@TDanyStark
Copy link

TDanyStark commented Dec 11, 2024
edited
Loading

I Have the same problem, but my path if it is absolute

export const authConfig = {
pages: {
signIn: '/login',
},

I followed the next.js guide
https://nextjs.org/learn/dashboard-app/adding-authentication

but when I try to access a protected route, for example /dashboard, the middleware redirect to
/login?callbackUrl=http%3A%2F%2Flocalhost%3A3000%2Fdashboard

then when i do login with the email and password, my app redirect to the /dashboard view, BUT you still see in the URL
/login?callbackUrl=http%3A%2F%2Flocalhost%3A3000%2Fdashboard

I fixed it by simply deleting the custom login page., BUT i need my custom page, I've tried everything, Youtube Videos, I read the auth js documentation.

image

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@qstyler @TDanyStark @nic-vo