Closed agustingabiola closed 2 years ago
This seems to be an issue with iron-session
since next-connect
does not do anything with regards to session
Hello @hoangvvo , thanks for replying turns out the issue was not in the libraries but myself. Upon reviewing the oauth flow I realized that when you do a POST to the Nextjs it's expected to not get any cookies since you are being called from a different "site". In order to fix this you need to set the cookies you want to read at the POST stage with sameSite: "none"
instead of the default "lax". Setting the cookies you need this way will ensure you can read them when using the response type "form_post".
Hello everyone and first of all thank you for this great library. I'm not sure if this is a problem of next-connect to be honest but the issue I'm having is that when my identity provider redirects back to my application with a POST, the cookies are not present in the header. This is the route I have (I'm using iron-session too):
at that time going back from the oauth flow the cookies are not present