Closed ryendu closed 1 month ago
Thanks for the report, you likely had /auth/callback
in your middleware matcher which would trigger the middleware after login. In that case if you don't have the callback URL added to unauthenticatedPaths
the "check if user is auth'd" logic hits before the session logic can execute, putting you in a login loop.
An easier fix would be to just leave /auth/callback
out of your middleware matcher, but I'll make sure to update the docs to make this clearer.
Hey, I setup middlewareAuth as introduced in #29 to prevent unauthorized users from accessing most endpoints. However, I kept running into a bug where unauthenticated users attempting to sign in would just keep getting redirected to the sign in page after attempting to sign in if
middlewareAuth
is enabled. I did some debugging and realized that by default ifmiddlewareAuth
is enabled, the/auth/callback
endpoint that handles user sign in in is also blocked and users are prevented from signing in. The easy fix would to be to add'/auth/callback'
or one's callback route to theunauthenticatedPaths
, but I wanted to bring this up because I thought this should be made clear in the documentation or somewhere to prevent others from running into this as well and getting confused.