Allow for dynamically set redirect URIs

[PaulAsjes]

Fixes https://github.com/workos/authkit-nextjs/issues/45 https://github.com/workos/authkit-nextjs/issues/58 https://github.com/workos/authkit-nextjs/issues/24

This PR does a few things:

• Rename getUser to withAuth to be more in line with other SDKs and be more accurate in general
• Make WORKOS_COOKIE_NAME configurable in env variables
• Redirect URI can now be set dynamically, useful for things like Vercel preview deployments
• Removes the checks for environment variables as the benefit wasn't worth the added frustration

[moroshko]

Redirect URI can now be set dynamically, useful for things like Vercel preview deployments

@PaulAsjes Any plans to support dynamic logout redirect urls (the app homepage field in the Dashboard)? Without this ability, Vercel preview deployments logout flow can't work.

[PaulAsjes]

@moroshko That's something we're considering, but don't have a timeline to share at the moment. I've passed it along to the team though!

[Dvinge]

Those changes would solve a lot of problems we're having right now. Is there any potential ETA for getting this merged in?

[ijxy]

Just a suggestion, but to work with Vercel deployment weirdness* it would be beneficial to use NEXT_PUBLIC_ env variables where possible.

*: middleware cannot use variables from .env files unless they are NEXT_PUBLIC_. For example, the way I use this (with my hacked-up version of this library) is to add NEXT_PUBLIC_WORKOS_REDIRECT_URI = "https://${NEXT_PUBLIC_VERCEL_URL}/some/path" to the .env.production file (ie for previews and production builds).

[PaulAsjes]

Sorry for the delay here, we're making a fairly significant change by switching to esm from cjs and want to make sure that is stable before we merge. Since this PR also contains breaking changes we're waiting for that to land before merging this in.

[PaulAsjes]

Just a suggestion, but to work with Vercel deployment weirdness* it would be beneficial to use NEXT_PUBLIC_ env variables where possible.

*: middleware cannot use variables from .env files unless they are NEXT_PUBLIC_. For example, the way I use this (with my hacked-up version of this library) is to add NEXT_PUBLIC_WORKOS_REDIRECT_URI = "https://${NEXT_PUBLIC_VERCEL_URL}/some/path" to the .env.production file (ie for previews and production builds).

@ijxy looking at the Next.js docs, the NEXT_PUBLIC_ prefix is only if you want to expose the env variable to the browser. Is there any reason why you'd want to expose the redirect URI?

[ijxy]

Just a suggestion, but to work with Vercel deployment weirdness it would be beneficial to use NEXT_PUBLIC_ env variables where possible. : middleware cannot use variables from .env files unless they are NEXT_PUBLIC_. For example, the way I use this (with my hacked-up version of this library) is to add NEXT_PUBLIC_WORKOS_REDIRECT_URI = "https://${NEXT_PUBLIC_VERCEL_URL}/some/path" to the .env.production file (ie for previews and production builds).

@ijxy looking at the Next.js docs, the NEXT_PUBLIC_ prefix is only if you want to expose the env variable to the browser. Is there any reason why you'd want to expose the redirect URI?

This issue explains well: https://github.com/vercel/next.js/discussions/39705

tl;dr: To expose custom env variables from any .env files to middleware (when hosting on Vercel) they need to be prefixed with NEXT_PUBLIC_.

[ijxy]

@PaulAsjes as an example:

# .env
WORKOS_REDIRECT_URI_RUNTIME="https://${VERCEL_URL}/api/auth/callback"
NEXT_PUBLIC_WORKOS_REDIRECT_URI_RUNTIME="https://${VERCEL_URL}/api/auth/callback"

// middleware.ts

import { authkitMiddleware } from "@workos-inc/authkit-nextjs";
import { MiddlewareConfig, NextFetchEvent, NextRequest } from "next/server";

const auth = authkitMiddleware({
  middlewareAuth: { enabled: true, unauthenticatedPaths: [] },
});

export function middleware(request: NextRequest, event: NextFetchEvent) {
  console.log({
    WORKOS_REDIRECT_URI_RUNTIME: process.env.WORKOS_REDIRECT_URI_RUNTIME,
    NEXT_PUBLIC_WORKOS_REDIRECT_URI_RUNTIME: process.env.NEXT_PUBLIC_WORKOS_REDIRECT_URI_RUNTIME,
  });
  return auth(request, event);
}

export const config: MiddlewareConfig = {
  matcher: "/((?!api/|_next/|_vercel/|_assets/|[\\w-]+\\.\\w+).*)",
};

You'd expect both variables to be equivalent (since middleware runs in a secure environment) but what you actually see is:

{
  WORKOS_REDIRECT_URI_RUNTIME: undefined,
  NEXT_PUBLIC_WORKOS_REDIRECT_URI_RUNTIME: 'https://***-niq3m0chf-***.vercel.app/api/auth/callback'
}

The consequences of the above are:

• preview deployments don't work (you need to be able to use VERCEL_URL with variable expansion, which means you need to be able to use a .env file, which means it needs to be NEXT_PUBLIC_ due to the way Vercel works as demonstrated above)
• for production deployments, the domain has to be hardcoded into the env variable. Not the end of the world, but more error prone than relying on VERCEL_URL

These are very Vercel specific issues, but it is literally impossible to work around them using this package as it is due to the environment variable naming.

[PaulAsjes]

@ijxy Thanks for that, that really clears it up. I've renamed WORKOS_REDIRECT_URI to NEXT_PUBLIC_WORKOS_REDIRECT_URI to unblock Vercel preview deployments.