Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Infinite redirect with middleware and basePath

See original GitHub issue

Question 💬

I have a NextJS app setup to run under the /admin basepath. Whenever I use the middleware, I am having problems with it sending me to the wrong url for the login page. If I try passing a custom sign in page to the options, it redirects me infinitely. Can anyone point me in the right direction? Is this even possible?

How to reproduce ☕️

I am running next-auth@4.3.1, next@12.1.0

_app.js

import { SessionProvider } from 'next-auth/react';
import '../styles/globals.css';

function App({ Component, pageProps: { session, ...pageProps } }) {
  return (
    <SessionProvider
      session={session}
      basePath="/admin/api/auth"
    >
      <Component {...pageProps} session={session} />
    </SessionProvider>
  );
}

export default App;

_middleware.js

Note that without the custom signin page, the app redirects me to /api/auth/signin which does not exists (I can see the page if I manually go to /admin/api/auth/signin) and with the custom signin page I get an infinite redirect error.

import withAuth from 'next-auth/middleware';

export default withAuth({
  pages: {
    signIn: '/admin/signin',
  },
});

next.config.js

/** @type {import('next').NextConfig} */

const nextConfig = {
  reactStrictMode: true,
  env: {
    COGNITO_CLIENT_ID: '<removed>',
    COGNITO_CLIENT_SECRET: '<removed>',
    COGNITO_ISSUER: '<removed>',
    COGNITO_DOMAIN: '<removed>',
    NEXTAUTH_URL: 'http://localhost:3000/admin/api/auth',
    NEXTAUTH_SECRET: '<removed>',
  },
  basePath: '/admin',
};

module.exports = nextConfig;

pages/signin.js

import { Button } from '@mantine/core';
import { signIn } from 'next-auth/react';

export default function SignIn({ providers }) {
  return (
    <Button onClick={() => signIn('cognito')}>
      Sign in with Cognito
    </Button>
  );
}

pages/api/auth

import NextAuth from 'next-auth/next';
import CognitoProvider from 'next-auth/providers/cognito';

export default NextAuth({
  providers: [
    CognitoProvider({
      clientId: process.env.COGNITO_CLIENT_ID,
      clientSecret: process.env.COGNITO_CLIENT_SECRET,
      issuer: process.env.COGNITO_ISSUER,
      domain: process.env.COGNITO_DOMAIN,
    }),
  ],
  secret: process.env.NEXTAUTH_SECRET,
  debug: true,
});

Contributing 🙌🏽

No, I am afraid I cannot help regarding this

Issue Analytics

State:
Created a year ago
Reactions:3
Comments:9 (3 by maintainers)

Top GitHub Comments

10reactions

Angeschossencommented, Oct 6, 2022

I have the same issue by just using export { default } from "next-auth/middleware" in my middleware.

4reactions

ndom91commented, Mar 23, 2022

@nicks6853 thanks for reaching out. So this should theoretically be possible. I was successfully able to recreate and reproduce your infinite refresh / forwarding problem.

I think I’ve boiled it down to packages/next-auth/src/next/middleware.ts:L65-L68 - this check isn’t being hit and so its not early returning. Therefore its continuing on until a few lines further down it appends another copy of the callbackUrl query param and redirect’s to the signInUrl over and over again…

Unfortunately I haven’t been abel to get any further tonight. I’ll take another look at this tomorrow 👍