and here is the pm2 config on my web server :

"apps": [
    {
      "name": "dev.website.org",
      "exec_mode": "fork",
      "port": "3002",
      "script": "NUXT_PUBLIC_ENVIRONNEMENT=dev NUXT_ENVIRONNEMENT=dev PORT=3002 NITRO_PORT=3002 NUXT_PUBLIC_URL_FRONT=https://dev.website.org/ NUXT_PUBLIC_URL_API=https://dev.api.website.org/ node .output/server/index.mjs",
      "cwd": "/var/www/dev.website.org",
      "autorestart": true,
      "watch": false,
      "max_memory_restart": "1G",
      "env": {
        "NODE_ENV": "development"
      },
      "env_production": {
        "NODE_ENV": "production"
      }
    }

Any idea ?
Has someone used the local provider with basePath in production ?

IT works only if the baseUrl is hardcoded like that in nuxt.config.ts :

auth: {
    baseURL: "https://dev.api.website.org/",
    provider: {
      type: "local",
      ....
  },

Regarding your issue: It seems like there is no baseURL config field according to the docs. Just noticed that you're using version 0.6.0 where this has changed

I'm currently encountering the same issue in my OAuth flow.

My config:

auth: {
    origin: process.env.AUTH_ORIGIN,
    basePath: '/api/auth',
    defaultProvider: 'foobar',
    enableGlobalAppMiddleware: false,
},

I've checked that the AUTH_ORIGIN is correctly set to stage.example.com.

This is the OAuth flow observed from the Devtools:

1. GET https://stage.example.com/api/auth/signin?callbackUrl=https://stage.example.com/
2. Got redirect response to /login?callbackUrl=http://localhost:3000&error=undefined
3. Redirected to my Backend https://stage.example.com/oauth/authorize?client_id=...&scope=&response_type=code&redirect_uri=http://localhost:3000/api/auth/callback/foobar&state=...

I have no idea why the redirect response includes a callbck URL to localhost:3000, there is no such environment value or config setting. I can only imagine that this value is taken from the currently running host/port.

Yeah, we do deduce some stuff automatically - but in 0.6 this is a bit broken at the moment, sorry for that - the beta is not quite stable.

I don't have super much time at the moment but will try to resolve this ASAP!

@kaboume as a workaround you could try setting the NEXTAUTH_URL env variable. This seems to work fine for me

thanks @romanzipp

It's better but I'v still an issue.

Now the Call Api made by SignIn meythod is https://dev.api.website.org/api/auth/auth/login in the place of https://dev.api.website.org/auth/login

So Nuxt Auth added /ai/auth

When I display the config :

auth : { computed : {origin: '', pathname: '/api/auth', fullBaseUrl: '/api/auth'}

Regarding your issue: It seems like there is no baseURL config field according to the docs. Just noticed that you're using version 0.6.0 where this has changed

I'm currently encountering the same issue in my OAuth flow.

My config:

auth: {
    origin: process.env.AUTH_ORIGIN,
    basePath: '/api/auth',
    defaultProvider: 'foobar',
    enableGlobalAppMiddleware: false,
},

I've checked that the AUTH_ORIGIN is correctly set to stage.example.com.

This is the OAuth flow observed from the Devtools:

1. GET https://stage.example.com/api/auth/signin?callbackUrl=https://stage.example.com/
2. Got redirect response to /login?callbackUrl=http://localhost:3000&error=undefined
3. Redirected to my Backend https://stage.example.com/oauth/authorize?client_id=...&scope=&response_type=code&redirect_uri=http://localhost:3000/api/auth/callback/foobar&state=...

I have no idea why the redirect response includes a callbck URL to localhost:3000, there is no such environment value or config setting. I can only imagine that this value is taken from the currently running host/port.

having the same issue

I had the same issue but i was able to fix it by adding:

computed: {
      origin: true,
      fullBaseUrl: process.env.AUTH_URL,
   },

to

auth:{} 

I had the same issue but i was able to fix it by adding:

computed: {
      origin: true,
      fullBaseUrl: process.env.AUTH_URL,
   },

to

auth:{} 

Sorry, can I know where did you add this code? I mean changing from

computed: {
      origin: true,
      fullBaseUrl: process.env.AUTH_URL,
   },

to

auth:{}

@BracketJohn : is this issue fixed with the 0.6.0-beta.3 release ?

I had the same issue but i was able to fix it by adding:

computed: {
      origin: true,
      fullBaseUrl: process.env.AUTH_URL,
   },

to

auth:{} 

Sorry, can I know where did you add this code? I mean changing from

computed: {
      origin: true,
      fullBaseUrl: process.env.AUTH_URL,
   },

to

auth:{}

i added the whole computed object inside the auth object like this:

  auth: {
    computed: {
      origin: true,
      fullBaseUrl: process.env.AUTH_URL,
    },
...
}

Good morning,
I see that the bug has still not been fixed by the team.
I wonder if the project is still well maintained?

Hi @kaboume,

We have been pretty swampped over the summer with other projects, which is why our focus sadly had to shift away from sidebase for a while. I am currently rammping up my work on the project again and have this on my list of hotfixes, to look into!

Hello @kaboume @romanzipp 👋

I did some testing myself on version 0.6.0-beta.7. I can report the following:

• setting baseURL to http://localhost:3001/api/users modified all the requests properly and gave me the callback url of:

https://github.com/login/oauth/authorizeredirect_uri=http%3A%2F%2Flocalhost%3A3001%2Fapi%2Fusers%2Fcallback%2Fgithub

Which did take my new route into account. Therefore, I conclude that in my Dev setup the baseURL property is working correctly.

According to the code, this should also be the case, as we take the given baseURL and pharse it for the origin as well as the path here using this package: https://github.com/unjs/ufo#parseurl

My follow up questions to properly determine your issues:

• What versions are you using. Does it still happen on 0.6.0-beta.7?
• Is this an issue only happening on production or already on dev servers?
• Does this only happen if you inject environment variables, or also when hard setting the value (I think this was mentioned above)
• Do you use the same properties I used below (if using >0.6.0)

// nuxt.config.ts
export default defineNuxtConfig({
  modules: ['@sidebase/nuxt-auth'],
  devServer: {
    port: 3001
  },
  auth: {
    baseURL: 'http://localhost:3001/api/users',
    provider: {
      type: 'authjs'
    },
    globalAppMiddleware: {
      isEnabled: true
    }
  }
})

Hi @zoey-kaiser
I just tested with version 0.6.0-beta.7 and I encounter the same problem.
When I develop locally, no problem. The problem appears when I deploy on a server (npm run build...)

Here is my configuration:

auth: {
     baseURL: process.env.NEXTAUTH_URL,
     provider: {
       type: "local",
       endpoints: {
         signIn: { path: "auth/login", method: "post" },
         signOut: { path: "auth/logout", method: "post" },
         signUp: { path: "auth/register", method: "post" },
         getSession: { path: "auth/profile", method: "get" },
       },
       pages: {
         login: "/login",
       },
       token: {
         signInResponseTokenPointer: "/token/accessToken",
       },
     },

My frontend calls my nodeJs backend to authenticate users with a login/password.
Thank you for your help.

Hi @kaboume,

Could you be so kind to tell me a bit about your deployment? Is it only a normal webserver where you then start the application or are you using Vercel, Netlify etc.
Also, does this happen when you build locally and start for production or only on your actual webserver?

Closed due to inactivity. If you still require more help, please comment in this issue and we can reopen it!

This issue still persists and not even after deployment, but locally too.

This is my auth config. NUXT_PUBLIC_API_BASE is set to http://localhost:3333

  auth: {
    baseURL: process.env.NUXT_PUBLIC_API_BASE || "http://localhost:3333",
    provider: {
      type: "local",
      endpoints: {
        signIn: { path: "/login", method: "post" },
        signOut: { path: "/logout", method: "post" },
        signUp: { path: "/register", method: "post" },
        getSession: { path: "/session", method: "get" },
      },
      pages: {
        login: "/auth/login",
      },
      token: { signInResponseTokenPointer: "/accessToken" },
      sessionDataType: {},
    },
    enableSessionRefreshPeriodically: 5000,
    enableSessionRefreshOnWindowFocus: true,
    globalMiddlewareOptions: {
      allow404WithoutAuth: true, // Defines if the 404 page will be accessible while unauthenticated
      addDefaultCallbackUrl: "/", // Where authenticated user will be redirected to by default
    },
  },

Using signIn method and it uses this URL for request http://localhost:3333/api/auth/login

Found out that these lines are probably the fault here

https://github.com/sidebase/nuxt-auth/blob/main/src/module.ts#L111-L113

And baseURL works when you put trailing slash at the end; like so http://localhost:3333/, which shouldn't work like so. It should work without trailing slash.

Found out that these lines are probably the fault here

main/src/module.ts#L111-L113

And baseURL works when you put trailing slash at the end; like so http://localhost:3333/, which shouldn't work like so. It should work without trailing slash.

Glad I found this issue and scrolled down. I wanted to report this issue aswell. I documented this in my config like so:

// IMPORTANT: it needs a trailing slash else /api/auth is appended
// but the trailing slash is not set for the endpoints
baseURL: `${process.env.API_URL}/` || 'https://api.domain.test/',

So I think this might be related, although it probably is because of this line:

And baseURL works when you put trailing slash at the end; like so http://localhost:3333/, which shouldn't work like so. It should work without trailing slash.

Thanks for finding this. I am not sure if this is a bug, to me it looks like an intended feature because of the default /api/auth pathname:

Modifying this will be a hard breaking change for our users who already use no trailing slash at the end.

We already use AUTH_ORIGIN for authjs provider, maybe it makes sense to unify approaches. I would think about it.

True, it is breaking change. I see that. But it should not append /api/auth when a variable is set in the config, this is weird behaviour in my opinion. It should only default to /api/auth and not treat the baseURL as a prefix to /api/auth. The endpoints config in the provider settings is where you set the /api/auth or whatever is needed.