nowaythatworked / auth-astro

Community maintained Astro integration of @auth/core
300 stars 45 forks

Auth verification error not handled as expected #58

Open atej opened 9 months ago

atej commented 9 months ago

Setup with an Email provider. Sign in via magic link works.

The problem arises when you click on a magic link that was previously used. Expected behaviour is redirection to the error page with the search param ?error=Verification.

However, it leads to a TypeError: immutable.

The erring line:

res.headers.delete('Set-Cookie')

This, I suspect, is because the headers guard is set to immutable. More here

So, a work-around:

// ...
try {
  res.headers.delete('Set-Cookie')
} catch (error) {
  if (error instanceof TypeError) {
    // Copy into a fresh Headers object, which is mutable
    const mutableHeaders = new Headers(res.headers)
    mutableHeaders.delete('Set-Cookie')
    return new Response(res.body, {
      // Use the mutable copy so the Set-Cookie deletion takes effect
      headers: mutableHeaders
    })
  }
}
// ...

This avoids the crash, but still no redirection to the error page, simply a 200 response.

I do see the error being logged though:

[auth][error] Verification: Read more at https://errors.authjs.dev#verification
    at Module.callback (file:///Users/aseem/Sites/astro-xata-vercel/node_modules/@auth/core/lib/actions/callback/index.js:126:23)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async AuthInternal (file:///Users/aseem/Sites/astro-xata-vercel/node_modules/@auth/core/lib/index.js:27:24)
    at async Module.Auth (file:///Users/aseem/Sites/astro-xata-vercel/node_modules/@auth/core/index.js:104:29)
    at async eval (/Users/aseem/Sites/astro-xata-vercel/node_modules/auth-astro/server.ts:25:17)
    at async Module.GET (/Users/aseem/Sites/astro-xata-vercel/node_modules/auth-astro/server.ts:55:14)
    at async renderEndpoint (file:///Users/aseem/Sites/astro-xata-vercel/node_modules/astro/dist/runtime/server/endpoint.js:25:20)
    at async file:///Users/aseem/Sites/astro-xata-vercel/node_modules/astro/dist/core/endpoint/index.js:121:14
    at async callMiddleware (file:///Users/aseem/Sites/astro-xata-vercel/node_modules/astro/dist/core/middleware/callMiddleware.js:12:10)
    at async callEndpoint (file:///Users/aseem/Sites/astro-xata-vercel/node_modules/astro/dist/core/endpoint/index.js:120:16)
13:28:47 [200] /api/auth/callback/resend 1008ms
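
An added example, not part of the original thread and not auth-astro's or @auth/core's own code: it rebuilds a response whose headers guard is immutable while passing the status through, since `new Response()` defaults to 200 when no status is given. The helper names, the `app.example` URL and the cookie value are constructed for illustration.

```javascript
// Hypothetical helper (not an auth-astro API): return a copy of `res`
// without Set-Cookie, keeping its status and remaining headers.
function stripSetCookie(res) {
  // new Headers(init) copies the entries into a fresh, mutable object,
  // so delete() no longer throws on it.
  const headers = new Headers(res.headers)
  headers.delete('Set-Cookie')
  // Status must be passed explicitly; otherwise a 302 to the error page
  // becomes a plain 200 and the Location header is ignored by clients.
  return new Response(res.body, {
    status: res.status,
    statusText: res.statusText,
    headers,
  })
}

// Hypothetical probe: true when mutating res.headers in place throws TypeError.
function hasImmutableHeaders(res) {
  try {
    res.headers.delete('X-Guard-Probe') // no-op on a mutable response
    return false
  } catch (error) {
    if (error instanceof TypeError) return true
    throw error
  }
}

// Constructed sample: Response.redirect() returns immutable headers.
function sampleRedirect() {
  return Response.redirect('https://app.example/api/auth/error?error=Verification', 302)
}

// Constructed sample: a mutable redirect that also sets a cookie.
function sampleWithCookie() {
  const headers = new Headers({ Location: '/api/auth/error?error=Verification' })
  headers.append('Set-Cookie', 'constructed-cookie=value; Path=/')
  return new Response(null, { status: 302, headers })
}
```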

atej commented 9 months ago

This is my current patch:

// ...
try {
  res.headers.delete('Set-Cookie')
} catch(error) {
  if (error instanceof TypeError) {
    return redirect(prefix + '/error?error=Verification', 303)
  }
  return redirect(prefix + '/error?error=Default', 303)
}
// ...

kcoderhtml commented 7 months ago

I just encountered this issue as well with the Slack integration.

kcoderhtml commented 7 months ago

I was able to fix this issue by adding checks: ["pkce", "nonce"] to the Slack config in the auth.config.mjs file.