hoangvvo / next-connect

The TypeScript-ready, minimal router and middleware layer for Next.js, Micro, Vercel, or Node.js http/http2
https://www.npmjs.com/package/next-connect
MIT License
1.64k stars 65 forks

Cookies not present when redirected with form_post #167

Closed agustingabiola closed 2 years ago

agustingabiola commented 2 years ago

Hello everyone and first of all thank you for this great library. I'm not sure if this is a problem of next-connect to be honest but the issue I'm having is that when my identity provider redirects back to my application with a POST, the cookies are not present in the header. This is the route I have (I'm using iron-session too):

```js
handler.post(
  `${AUTH_HANDLER_URL}/callback`,
  withSessionRoute(async (req, res) => {
    console.log('🚀 -----------------------------------------------------------------');
    console.log('🚀 ~ Calling /auth/callback\n', req.body, '\nsession info:', req.session);
    console.log('🚀 -----------------------------------------------------------------');

    res.redirect('/');
  }),
);
```

At that time, going back from the OAuth flow, the cookies are not present.

hoangvvo commented 2 years ago

This seems to be an issue with iron-session, since next-connect does not do anything with regard to sessions.

agustingabiola commented 2 years ago

Hello @hoangvvo, thanks for replying. It turns out the issue was not in the libraries but myself. Upon reviewing the OAuth flow I realized that when you do a POST to Next.js it's expected to not get any cookies, since you are being called from a different "site". In order to fix this you need to set the cookies you want to read at the POST stage with sameSite: "none" instead of the default "lax". Setting the cookies you need this way will ensure you can read them when using the response type "form_post".
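
The behaviour described in the last comment, as an added example that is not part of the thread and is not next-connect or iron-session code: a simplified model of how a browser applies explicit SameSite attributes to the cross-site `form_post` callback. It goes slightly beyond the thread by keeping the main session cookie at `lax` and carrying the login state in a separate short-lived `none` cookie, and by enforcing that `SameSite=None` is paired with `Secure`. The cookie names `app_session` and `login_tx`, their values and the 600-second lifetime are assumptions made for illustration.

```javascript
// Added example: simplified model of SameSite handling for explicit attributes.
// Cookie names, values and lifetimes are constructed for illustration.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);
const LABEL = { strict: 'Strict', lax: 'Lax', none: 'None' };

// Build a Set-Cookie value, refusing SameSite=None without Secure
// (browsers that follow rfc6265bis reject such a cookie).
function serializeCookie(name, value, opts) {
  if (!LABEL[opts.sameSite]) throw new Error(`${name}: unknown sameSite value`);
  if (opts.sameSite === 'none' && !opts.secure) {
    throw new Error(`${name}: SameSite=None requires Secure`);
  }
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${opts.path || '/'}`];
  if (opts.maxAge !== undefined) parts.push(`Max-Age=${opts.maxAge}`);
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  parts.push(`SameSite=${LABEL[opts.sameSite]}`);
  return parts.join('; ');
}

// Would a browser attach a cookie with these attributes to this request?
function browserSendsCookie(opts, request) {
  if (opts.secure && request.scheme !== 'https') return false;
  if (!request.crossSite) return true;
  if (opts.sameSite === 'none') return true;
  if (opts.sameSite === 'lax') {
    return request.topLevelNavigation && SAFE_METHODS.has(request.method);
  }
  return false; // strict: never sent on cross-site requests
}

// The identity provider's auto-submitted form (response type "form_post").
const formPostCallback = { scheme: 'https', crossSite: true, topLevelNavigation: true, method: 'POST' };
// The same callback delivered as a redirect with query parameters.
const queryCallback = { ...formPostCallback, method: 'GET' };

const sessionCookie = { sameSite: 'lax', secure: true, httpOnly: true };             // app_session
const loginTxCookie = { sameSite: 'none', secure: true, httpOnly: true, maxAge: 600 }; // login_tx

function callbackVisibility() {
  return {
    sessionOnFormPost: browserSendsCookie(sessionCookie, formPostCallback),
    sessionOnQuery: browserSendsCookie(sessionCookie, queryCallback),
    loginTxOnFormPost: browserSendsCookie(loginTxCookie, formPostCallback),
  };
}

console.log(serializeCookie('login_tx', 'constructed-state-value', loginTxCookie));
console.log(callbackVisibility());
```

The model covers cookies with an explicit SameSite attribute only; browser-specific handling of cookies that omit the attribute is not represented.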