(Next)Auth doesn't properly refresh the page when deployed using Open Next

[paneidos]

When using Auth.js, redirects and responses work differently when deployed on Vercel vs. deploying using SST/OpenNext. This results in login/logout buttons not doing anything on the screen.

Looking in the browsers console, it seems OpenNext returns a redirect response right away, while Vercel splits this in 2 requests. A POST with 200 and then a GET with a 3xx code.

Steps to reproduce

Deploy

1. Clone https://github.com/paneidos/next-auth-demo
2. echo "AUTH_SECRET=\"$(openssl rand -base64 32)\"" >> .env
3. yarn install
4. yarn sst deploy --stage prod

Use site

1. Login as test@example.com, password 'hunter2'.
2. Try to log out immediately (button at the bottom)

Expected

Redirect to login

Actual

Stay on dashboard

[conico974]

We cannot access your reproduction repo. What version of Next, SST and OpenNext are you using ?

[paneidos]

My bad I think. I was sure I changed it to public, even entered the 2FA. Anyway, it's public now.

I generated the app with the newest Next.js and followed the instructions on the site.

[conico974]

Couple of things:

• First of all i did not get 2 request on vercel, i only got one with a 3xx which didn't even properly changed the url ( it stayed on /dashboard while displaying the login), and the first time i tried it didn't even work. After that it worked, probably a cache issue.
• Second thing is you probably should not secure a route that is ISR/SSG in the middleware when using a CDN( which is the case in SST ). The middleware is running behind cloudfront, so when you run a request for dashboard while being auth, the auth session is cached on the CDN for everyone to retrieve. You can change the default caching policy used in SST to include next auth cookies so that they are cached per user ( i would not recommend doing this unless you know exactly what you're doing though)

[paneidos]

That's weird. I also have just the one request on Vercel too. Must've done something wrong, when I tried to extract a smaller sample from the tutorial application.

Can you look at the full app instead? https://github.com/paneidos/nextjs-dashboard The login screen doesn't redirect on my AWS deploy with SST. All the code there is from the official tutorial.

Login with user@nextmail.com, password 123456. Vercel: https://nextjs-dashboard-sandy-xi-58.vercel.app/ AWS: https://d2r9ta6vcll7hb.cloudfront.net/

[conico974]

Your login page is using SSG, it needs to be SSR as well. If this solve it you can close the issue. If you want more advice i'd recommend going into the discord https://sst.dev/discord either in help or in the open-next channel

[paneidos]

Thanks for the help, @conico974 Adding export const dynamic = "force-dynamic" to the page.tsx fixed it.

It does seem to have become SSR on the Vercel deploy without extra instructions. Do they auto-detect something to mark it as such? If so, maybe it's possible to bring that detection to open-next?

I understand if you want to close this issue though, as it's got a workaround in being explicit about your intentions. 😄

I'll make certain to remember the Discord while developing a full app.

[conico974]

Vercel put the middleware in front of the CDN inside a cloudflare worker. So you don't have the issue there. Technically it's possible to do the same thing with OpenNext, but this is not documented yet and it requires to write all the IAC by yourself. I'll close this as this is not really an issue