Open muradsofi opened 2 weeks ago
that is malware to steal your account; do not under any circumstances download or run it. The post needs to be removed. If you have attempted to run it please have your system cleaned and your account secured immediately.
that is malware to steal your account; do not under any circumstances download or run it. The post needs to be removed. If you have attempted to run it please have your system cleaned and your account secured immediately.
For sure I will not download it :D I didn't know nowadays people try to steal account from github issues page lol
Hope repo owners will remove that comment when there are check my issue
Checklist
Description
We are storing environment variables in an external service (like Azure App Configuration) and have created an Auth0 instance manually due to this setup:
However, because
serverRuntimeConfig
is not available in middleware, we attempted to updateprocess.env
in next.config.js file and use it for dynamically loading and updating environment variables like this:Problem:
When trying to access these dynamically loaded
process.env
variables in middleware, they return asundefined
. This results in errors likeTypeError: "issuerBaseURL" must be a valid URI
from thewithMiddlewareAuthRequired
function.Question:
What is the correct approach to handle dynamically loaded environment variables in this context with
@auth0/nextjs-auth0
?Reproduction
Create a New Next.js Project:
Set Up External Configuration Loader:
Modify
next.config.js
:next.config.js
to load environment variables asynchronously using the loader:const configureNext = async () => { const settings = await loadAzureAppConfig(); Object.assign(process.env, settings);
return { serverRuntimeConfig: { AUTH0_AUDIENCE: process.env.AUTH0_AUDIENCE, AUTH0_BASE_URL: process.env.AUTH0_BASE_URL, AUTH0_CLIENT_ID: process.env.AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET: process.env.AUTH0_CLIENT_SECRET, AUTH0_ISSUER_BASE_URL: process.env.AUTH0_ISSUER_BASE_URL, AUTH0_SCOPE: process.env.AUTH0_SCOPE, AUTH0_SECRET: process.env.AUTH0_SECRET, }, }; };
module.exports = configureNext();
Set Up Auth0 Instance Manually:
const { serverRuntimeConfig } = getConfig();
export const AUTH0_INSTANCE = initAuth0({ secret: serverRuntimeConfig.AUTH0_SECRET, issuerBaseURL: serverRuntimeConfig.AUTH0_ISSUER_BASE_URL, baseURL: serverRuntimeConfig.AUTH0_BASE_URL, clientID: serverRuntimeConfig.AUTH0_CLIENT_ID, clientSecret: serverRuntimeConfig.AUTH0_CLIENT_SECRET, });
Create Middleware:
export async function middleware(request) { const secret = process.env.AUTH0_SECRET; // Trying to access dynamically loaded env variable
if (!secret) { return NextResponse.redirect('/error'); // Redirect if secret is undefined }
return withMiddlewareAuthRequired(request); }
export const config = { matcher: ['/protected-route'], };
Run the Project:
npm run dev
./protected-route
).Expected Result: Middleware should be able to access the dynamically loaded environment variables and perform authentication checks without errors.
Actual Result: The environment variables loaded asynchronously are
undefined
in the middleware, causing errors likeTypeError: "issuerBaseURL" must be a valid uri
.Repository: You can create a minimal reproducible example by sharing this setup in a public GitHub repository.
Consistency: This issue can be reproduced consistently by following the steps above.
Additional context
No response
nextjs-auth0 version
3.1.0
Next.js version
13.5.5
Node.js version
v18.17.0