workos / authkit-nextjs

The WorkOS library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js.
MIT License

Use relative redirect location in AuthKit callback handler #35

Closed mthadley closed 5 months ago

mthadley commented 5 months ago

Previously, by cloning the request URL, we were inheriting the host and constructing an absolute URL as the Location.

This is a problem in certain cases, like if the app is running behind a reverse-proxy. From the outside, requests to the proxy may be coming in as example.com, but the application may see something else like localhost.

We can avoid this by just using whatever was given as the returnPathname, or falling back to the default of / which is a relative URL.

Bukati commented 5 months ago

Seems like this fix breaks NextJS 14.2.3

{ error: 'URL is malformed "/". Please use only absolute URLs - https://nextjs.org/docs/messages/middleware-relative-urls' }
GET /auth/callback?code=01HWVQ7E3VPCG0ZCY5ACG9Z0VQ 500 in 379ms

Everything works perfectly with 0.5.1

panbanda commented 5 months ago

Could we at least have the option to provide a hostname to the handleAuth options?
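The three redirect strategies discussed in this thread, compared side by side as an added example (not code from authkit-nextjs or from any commenter). The hosts, the callback query value and all function names are constructed for illustration, and the configured-base function is a hypothetical take on the hostname option requested above.

```javascript
// Added illustration, not authkit-nextjs code. Constructed scenario: the proxy
// serves https://example.com and forwards to the app on http://localhost:3000.
const BROWSER_URL = 'https://example.com/auth/callback?code=CONSTRUCTED';
const APP_URL = 'http://localhost:3000/auth/callback?code=CONSTRUCTED';

// Strategy 1 (behaviour described as "previously"): clone the request URL the
// app sees and swap the path. The Location inherits the internal host.
function locationFromClonedUrl(requestUrl, returnPathname = '/') {
  const url = new URL(requestUrl);
  url.pathname = returnPathname;
  url.search = ''; // drop callback query parameters
  return url.toString();
}

// Strategy 2 (this PR): send returnPathname as-is, defaulting to "/".
function relativeLocation(returnPathname = '/') {
  return returnPathname;
}

// What a browser does with a Location header: resolve it against the URL it
// actually requested, so a relative value stays on the public host.
function resolveInBrowser(location, browserUrl) {
  return new URL(location, browserUrl).toString();
}

// Strategy 3 (hypothetical option, in the spirit of the last comment): build an
// absolute URL from a configured public base instead of the request host.
function locationFromConfiguredBase(baseUrl, returnPathname = '/') {
  const base = new URL(baseUrl);
  const target = new URL(returnPathname, base);
  // A value such as "//other.example/x" resolves to another origin; reject it.
  if (target.origin !== base.origin) {
    throw new Error('returnPathname must resolve to the configured origin');
  }
  return target.toString();
}

function compareStrategies(returnPathname) {
  return {
    cloned: resolveInBrowser(locationFromClonedUrl(APP_URL, returnPathname), BROWSER_URL),
    relative: resolveInBrowser(relativeLocation(returnPathname), BROWSER_URL),
    configured: locationFromConfiguredBase('https://example.com', returnPathname),
  };
}

console.log(compareStrategies('/dashboard'));
```

The cloned strategy sends the browser to the internal host, while the relative and configured-base strategies both land on the public one; only the last yields the absolute URL that the Next.js error quoted above asks for.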