llun / activities.next

A Next.JS ActivityPub server.
https://llun.social
MIT License

Github sign-in redirects to localhost:3000 and not host #51

Open theogravity opened 10 months ago

theogravity commented 10 months ago

I was able to finally run the app, but am having issues with sign-in.

I added the following to my /etc/hosts:

127.0.0.1   domain.tld localhost

And registered the following callback URL with a Github OAuth application:

http://domain.tld:3000/api/auth/callback/github

config.json:

{
  "host": "domain.tld",
  "database": {
    "type": "sqlite3",
    "client": "better-sqlite3",
    "useNullAsDefault": true,
    "connection": {
      "filename": "./dev.sqlite3"
    }
  },
  "allowMediaDomains": [],
  "allowEmails": [],
  "secretPhase": "...",
  "auth": {
    "github": {
      "id": "...",
      "secret": "..."
    }
  }
}

http://localhost:3000/auth/signin?callbackUrl=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fsignin%3FcallbackUrl%3Dhttp%253A%252F%252Flocalhost%253A3000%252Fauth%252Fsignin%253FcallbackUrl%253Dhttp%25253A%25252F%25252Flocalhost%25253A3000%2526error%253DCallback%26error%3DCallback&error=Callback

llun commented 10 months ago

Do you have a request when it sends to GitHub? I'm not sure how you get the last URL, because the button that opens the OAuth login is from NextAuth, which is supposed to send a POST request and redirect to the GitHub authorize path.

My setup currently uses a Cloudflare tunnel to make the hostname work, but I don't think that's related. (You will have the issue when communicating with other federated servers later, though, because they can't reach you with a localhost alias.)

theogravity commented 10 months ago

I got a little further, but there's something with the CSRF check that fails.

    // inside the NextAuth `providers` array; redirect_uri overrides the callback
    // URL sent to GitHub so it uses domain.tld instead of the NEXTAUTH_URL host
    GithubProvider({
      clientId: auth?.github?.id || '',
      clientSecret: auth?.github?.secret || '',
      authorization: {
        params: {
          redirect_uri: 'http://domain.tld:3000/api/auth/callback/github',
        },
      },
    })

It's as if it's using the localhost:3000 cookies for the CSRF check instead of the domain.tld:3000 ones when it does the code exchange during the auth flow.

theogravity commented 10 months ago

Also, I've tried with just:

    NEXTAUTH_URL=http://domain.tld:3000 yarn dev

and it ends up doing an infinite redirect after sign-in.

This is with:

  providers: [
    GithubProvider({
      clientId: auth?.github?.id || '',
      clientSecret: auth?.github?.secret || ''
    })
  ],

llun commented 10 months ago

I think I know what's happening. I have a guard that prevents people from signing up and logging in if they're not in the allowed emails list, here:

https://github.com/llun/activities.next/commit/3a573fdc22cce9fe2dd33ddee8964fcfd49d0a79#diff-aa98fd0757d0e1741503c50cfafb7726939d19819638bbe8e030a27adfec34a3L192-L194

This makes it keep redirecting the logged-in user back to sign-in; however, because the sign-in page checks whether you're already logged in with a session, it redirects back to the timeline page. I haven't figured this out fully yet, but the last commit should unblock this for now if you don't specify an allowed email list.
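The redirect loop described above, modelled as an added example (not activities.next's own code): a sign-in route that bounces any user with a session to the timeline, and an allow-list guard that bounces a disallowed user back to sign-in. The `isAllowedLenient` variant, where an empty `allowEmails` means "no restriction", and the NextAuth-style `signIn` callback are assumptions about the fix, not the project's implementation; the config shape follows the config.json in this issue.

```javascript
// Guard as the issue describes it: with "allowEmails": [] nobody passes.
function isAllowedStrict(allowEmails, email) {
  return allowEmails.includes(email);
}

// Assumed fix: an empty allow list means "no restriction", so a fresh install
// that has not configured allowEmails yet does not lock every account out.
function isAllowedLenient(allowEmails, email) {
  return allowEmails.length === 0 || allowEmails.includes(email);
}

// NextAuth-style `callbacks.signIn`: returning false denies the login before a
// session cookie is issued, so a disallowed user gets the error page rather
// than a session that every guarded page then refuses.
function makeSignInCallback(config, isAllowed) {
  return ({ user }) => isAllowed(config.allowEmails, user.email);
}

// Minimal model of the two routes involved. `session` is null or { email }.
// Returns { loop, path }: loop is true if the hop budget runs out.
function simulateRoutes(config, session, isAllowed, maxHops = 10) {
  const path = [];
  let route = '/auth/signin';
  for (let i = 0; i < maxHops; i++) {
    path.push(route);
    if (route === '/auth/signin') {
      if (!session) return { loop: false, path }; // sign-in page renders
      route = '/';                                 // already logged in -> timeline
    } else {
      if (isAllowed(config.allowEmails, session.email)) return { loop: false, path };
      route = '/auth/signin';                      // guard bounces back
    }
  }
  return { loop: true, path };
}

// Constructed sample: the issue's config (empty allow list) and a logged-in user.
const sampleConfig = { allowEmails: [] };
const sampleSession = { email: 'someone@example.com' };
console.log(simulateRoutes(sampleConfig, sampleSession, isAllowedStrict).loop);  // true
console.log(simulateRoutes(sampleConfig, sampleSession, isAllowedLenient).loop); // false
```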