search

nextauthjs / next-auth

Authentication for the Web.
https://authjs.dev
ISC License
22.86k stars 3.08k forks source link

fix(next-auth): Add support for Next.js basePath configuration #10797

Open k3k8 opened 1 month ago

k3k8 commented 1 month ago

☕️ Reasoning

When I add basePath configuration to Next.JS config, the API routes are broken. If both AUTH_URL and NextAuth basePath configurations are empty, NextAuth will look like it works correctly. But, OAuth redirects callback URI is omitted basePath, so will fail.

In case of settings with AUTH_URL with full path: http://localhost:3000/basepath/api/auth, or adding NextAuth basePath configuration like /basepath/api/auth, NextAuth will raise Unknown Action Error.

I’ve investigated this error and figured out that it is caused by the Next.JS specification or bug.
NextAuth parses the NextRequest URL and creates an action with the request URL. But, Next.JS with basePath configuration reports that the URL does not contain basePath. The simple Next.JS project here reproduces this issue. 
https://github.com/k3k8/nextjs-base-path-issue

This issue has been reported in the Next.JS repository, but has not yet received any responses from the members. (https://github.com/vercel/next.js/issues/60956) I suspect that the Next.JS app router should rewrite from an inbound URL to an internal one. Thus this is likely to be a specification, in my opinion.

Consequently, I’ve decided to fix this problem with next-auth components. The problem is caused by the Next.JS specification; my commits are only on the next-auth package. No commits are on core libraries.

I’ve created reqWithBasePathURL and estimateBasePath on packages/next-auth/src/lib/env.ts and modified reqWithEnvURL call point.

Configuration sample: Next.Js baesPaht: “/base_path”, NextAuth config.basePath: “/base_path/api/auth” The reqWithEnvURL called POST or GET request, and req: NextRequest contains like this: http://localhost:3000/api/auth/session 
The estimateBasePath function estimates from the request URL and config.BasePath.

If you set a Next.JS basePath such as /base_path, the NextAuth config should be contain full path to auth dir.
AUTH_URL: http://localhost:3000/base_path/api/auth, or basePath: /base_path/api/auth. Configuring the full path to AUTH_URL is a v4 specification, and this correct configuration also works.
AUTH_URL: http://locahost:3000/, basePath: /base_path/api/auth

These configuration rules are obeyed on document one (https://authjs.dev/reference/warnings#env-url-basepath-redundant).

🧢 Checklist

🎫 Affected issues

9274

9984

10009

📌 Resources

vercel[bot] commented 1 month ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
auth-docs ✅ Ready (Inspect) Visit Preview 💬 Add feedback May 8, 2024 3:30am
1 Ignored Deployment | Name | Status | Preview | Comments | Updated (UTC) | | :--- | :----- | :------ | :------- | :------ | | **next-auth-docs** | ⬜️ Ignored ([Inspect](https://vercel.com/authjs/next-auth-docs/7eahKBQCeTNjuU94XKboZp2h3Lxq)) | [Visit Preview](https://next-auth-docs-git-fork-k3k8-fix-base-path-authjs.vercel.app) | | May 8, 2024 3:30am |
vercel[bot] commented 1 month ago

@k3k8 is attempting to deploy a commit to the authjs Team on Vercel.

A member of the Team first needs to authorize it.

tunchunairarko commented 2 weeks ago

Eagerly looking forward to see this PR into production, the basePath configuration is quite necessary.