Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Support Next.js 12 Middleware

See original GitHub issue

Description 📓

After watching the recent Nextjs conf, I’m wondering if there’s a way to move authentication api (here it’s the /session endpoint) to run on the edge instead that on server. Looking at this very basic example

https://youtu.be/PWi-49ODKAs?t=3203

maybe there’s a way to take advantage of this in NextAuth too, even if in an opt-in way.

How to reproduce ☕️

Nothing to reproduce

Contributing 🙌🏽

Yes, I am willing to help implement this feature in a PR

Issue Analytics

State:
Created 2 years ago
Reactions:56
Comments:27 (18 by maintainers)

Top GitHub Comments

20reactions

balazsorban44commented, Feb 2, 2022

I am proposing a withAuth method, that could add authentication for the whole site (or any subdirectory) with a single line! Please check out #3657 and tell me what you think!

pages/_middleware.js:

export { default } from "next-auth/middleware"

17reactions

balazsorban44commented, Oct 27, 2021

I’ve gotten multiple related questions in the last 24 hours, so I will look into this more.

We are using jose under the hood which relies on the Web Cryptography API and Cloudflare Workers (the stuff behind Edge Functions) doesn’t support all of it (yet?) See: https://github.com/panva/jose/issues/265

#2857 is definitely the first step towards support here, but I’ll have to check if it is important for us that those unimplemented things work in CF Workers or not.

If not, then exposing a new method for Middlewares would be very easy.

It can be much trickier otherwise because I really like jose. It is a high-quality library with stellar maintenance.

Most of our users who are asking about this are probably interested in a way that would make it possible to check the user session, and if it is valid, proceed to the page, otherwise redirect to the login page.

We have to consider two scenarios:

User sessions are JWTs. See above.
User sessions are saved in a database. In this case, the underlying ORM/Adapter/DB will probably be the bottleneck for the response, since we are doing two separate queries to the database (one for getting the session, and one for either updating the expiry date, or deleting the session from the DB if already expired.)