search

workos / authkit-nextjs

The WorkOS library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js.
MIT License
43 stars 9 forks source link

Post-Login Redirection Issue with @workos-inc/authkit-nextjs v0.4.0 #14

Closed gorbulls456667 closed 3 months ago

gorbulls456667 commented 3 months ago

This new issue is a continuation of https://github.com/workos/authkit-nextjs/issues/11, which has been previously closed.

I'm currently trying out the new package renamed @workos-inc/authkit-nextjs version 0.4.0 and I'm encountering an issue with post-login redirection within my next.js application.

Currently, the default returnPathname in the callback route, is functioning correctly:

export const GET = handleAuth({ returnPathname: "/dashboard" });

However, I've noticed that when I use

const { user } = await getUser({ ensureSignedIn: true });

in a protected page and then successfully log in, I'm not redirected to the page I was originally trying to reach, but rather to the default returnPathname set in the callback route.

It seems that the current behavior is not what is desired. Similarly, as @PaulAsjes mentioned, "if your user tries to access a protected page (e.g. /admin) without being logged in, after authenticating via AuthKit they'll be redirected to the page they were trying to access rather than /."

benoitgrelard commented 3 months ago

I am unable to replicate your issue and it's working fine for me in both cases. Do you have a reproduction or can share your code with us?

gorbulls456667 commented 3 months ago

Sure, this is a new Next.js project that I created: authkit-redirect-reproduction

To reproduce:

  1. You need to set up a .env file with your WorkOS staging credentials:

    WORKOS_CLIENT_ID="******"
WORKOS_API_KEY="******"
WORKOS_REDIRECT_URI="http://localhost:3000/auth/callback" # configured in the WorkOS dashboard
WORKOS_COOKIE_PASSWORD="NRjSk/Zwd/0cwnyl9PKQ3G7oK7YxGpSt"

    Replace the asterisks with your WorkOS credentials.

  2. Once the dependencies are installed and the server is running with npm run dev, go to the page "http://localhost:3000/protected".

  3. You will be redirected to the hosted Authkit page. Log in.

  4. After logging in, instead of being redirected to the page "http://localhost:3000/protected", I am redirected to the page "http://localhost:3000/dashboard"."

gorbulls456667 commented 3 months ago

I observed that the issue arises when trying to access a protected page (https://authkit-redirect-reproduction.vercel.app/protected) directly from the browser's address bar. When attempting to access this protected page (https://authkit-redirect-reproduction.vercel.app/protected) from the address bar and then logging in, the redirection defaults to "/dashboard" instead of navigating to the intended page, which should be "/protected".

PaulAsjes commented 3 months ago

Thanks, that helped us reproduce the issue. We've found a solution and will put out a fix soon!

gorbulls456667 commented 3 months ago

Awesome! Thanks!