fix: api routes not receiving real host, leading to localhost redirect after login #10360
base: main
…lhost after login when next operates behind reverse proxy
Anything I can do to speed this up?
Yes, set both, but still the redirect after idp led to localhost.
Are you sure you updated the We've got an example for Docker up at https://nextjs-docker-example.authjs.dev which does work behind a reverse proxy with all providers 🤔
Do you suggest using an absolute callbackUrl in the signIn call? Our IDP (Cognito) is accepting multiple callback URLs, however, without the changes above, the next auth was initializing the signIn with localhost:3000 as callback... We tried both the ENV vars you mentioned and all combinations.
@MichaelErmer ah okay I think I see what you're saying. No so you don't have to pass an absolute URL to the We ran into this a few times, I forget if Cognito was one but I assume from what you're saying it is - Twitch, for example, allows adding multiple callbackUrls, but it'll always redirect to the first one. So if you add a local dev callbackUrl ( If you create two separate OAuth applications in your IdP, you'll just have to use two sets of separate
I understand what you are saying, we wouldn't want our customers to have to set up multiple Apps on their sso for different systems of us, they whitelist only our tld or a list of domains. This change fixes the issue, in a generic way, by initiating the signIn at the IDP using the (from the user's perspective) correct return url, whilst ensuring and respecting trust host is enabled etc.
This fix resolves next auth not using the correct hostname for requests using the API methods, which ultimately led to users being redirected to localhost:3000 after login if next runs behind a reverse proxy.
☕️ Reasoning
🧢 Checklist
🎫 Affected issues
📌 Resources
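
The thread above turns on which host ends up in the callback URL sent to the IdP when the app sits behind a reverse proxy. The sketch below is an added example, not code from this PR or from Auth.js: `resolveOrigin`, `buildCallbackUrl`, the `allowedHosts` option, the hostnames and the callback path are all assumptions made for illustration. It shows forwarded headers being honoured only when host trust is enabled and the host is on an allowlist, and the `localhost:3000` result when they are ignored.

```javascript
// Added example: hypothetical helpers, not Auth.js source code.
// Decides which origin to use when building the OAuth callback URL.
function resolveOrigin(headers, { trustHost, allowedHosts, fallbackOrigin }) {
  // Without trustHost, proxy-supplied headers are ignored entirely.
  if (!trustHost) return fallbackOrigin;

  // Proxies may append values ("a, b"); take the first entry.
  const first = (v) => (v ? String(v).split(",")[0].trim().toLowerCase() : "");
  const host = first(headers["x-forwarded-host"]) || first(headers["host"]);
  const proto = first(headers["x-forwarded-proto"]) || "https";

  // Accept only a plain host[:port] that is on the allowlist, so a forged
  // header cannot steer the post-login redirect to another site.
  if (!/^[a-z0-9.-]+(:\d{1,5})?$/.test(host)) return fallbackOrigin;
  if (proto !== "http" && proto !== "https") return fallbackOrigin;
  if (!allowedHosts.includes(host)) return fallbackOrigin;
  return `${proto}://${host}`;
}

function buildCallbackUrl(origin, callbackPath) {
  return new URL(callbackPath, origin).toString();
}

// Constructed sample configuration and requests (header names lowercased).
const config = {
  trustHost: true,
  allowedHosts: ["app.example.com"],
  fallbackOrigin: "https://app.example.com",
};
const behindProxy = {
  host: "localhost:3000",
  "x-forwarded-host": "app.example.com",
  "x-forwarded-proto": "https",
};
const forged = { host: "localhost:3000", "x-forwarded-host": "unlisted.example.net" };

function demo() {
  const path = "/api/auth/callback/cognito"; // assumed callback path
  const noTrust = { ...config, trustHost: false, fallbackOrigin: "http://localhost:3000" };
  return {
    proxied: buildCallbackUrl(resolveOrigin(behindProxy, config), path),
    forged: buildCallbackUrl(resolveOrigin(forged, config), path),
    untrusted: buildCallbackUrl(resolveOrigin(behindProxy, noTrust), path),
  };
}
console.log(demo());
```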