fix(next-auth): Add support for Next.js basePath configuration #10797
+33
−9
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
☕️ Reasoning
When I add basePath configuration to Next.JS config, the API routes are broken.
If both AUTH_URL and NextAuth basePath configurations are empty, NextAuth will look like it works correctly. But, OAuth redirects callback URI is omitted basePath, so will fail.
In case of settings with AUTH_URL with full path: http://localhost:3000/basepath/api/auth, or adding NextAuth basePath configuration like /basepath/api/auth, NextAuth will raise Unknown Action Error.
I’ve investigated this error and figured out that it is caused by the Next.JS specification or bug. NextAuth parses the NextRequest URL and creates an action with the request URL. But, Next.JS with basePath configuration reports that the URL does not contain basePath. The simple Next.JS project here reproduces this issue.
https://github.com/k3k8/nextjs-base-path-issue
This issue has been reported in the Next.JS repository, but has not yet received any responses from the members. (vercel/next.js#60956)
I suspect that the Next.JS app router should rewrite from an inbound URL to an internal one. Thus this is likely to be a specification, in my opinion.
Consequently, I’ve decided to fix this problem with next-auth components. The problem is caused by the Next.JS specification; my commits are only on the next-auth package. No commits are on core libraries.
I’ve created reqWithBasePathURL and estimateBasePath on packages/next-auth/src/lib/env.ts and modified reqWithEnvURL call point.
Configuration sample:
Next.Js baesPaht: “/base_path”, NextAuth config.basePath: “/base_path/api/auth”
The reqWithEnvURL called POST or GET request, and req: NextRequest contains like this:
http://localhost:3000/api/auth/session The estimateBasePath function estimates from the request URL and config.BasePath.
If you set a Next.JS
basePath
such as/base_path
, the NextAuth config should be contain full path to auth dir. AUTH_URL: http://localhost:3000/base_path/api/auth, or basePath: /base_path/api/auth.Configuring the full path to AUTH_URL is a v4 specification, and this correct configuration also works. AUTH_URL: http://locahost:3000/, basePath: /base_path/api/auth
These configuration rules are obeyed on document one (https://authjs.dev/reference/warnings#env-url-basepath-redundant).
🧢 Checklist
🎫 Affected issues
#9274
#9984
#10009
📌 Resources