* fix(middleware): improve handling of custom nextjs basePath
* fix(middleware): improve extraction of nextjs base path from req.nextUrl
* adapt to req.nextUrl.basePath
* Fix indent
* Add middleware test for custom-base and simplified code a little bit
* Fix indent
* Add another test
* Rename basePath and nextJsBasePath
* Fix lint error
* fix(middleware): use `includes()` for NextAuth pages
Some users could be setting their `signIn` and `error` pages option to
`/` to disable the automatically generated pages, as suggested in [1].
This commit reverts the behaviour for matching `signIn` and `error`
pages in `handleMiddleware` to pre-v4.10.3.
```
const signInPage = "/"
const errorPage = "/"
const publicPaths = [signInPage, errorPage, "/_next", "/favicon.ico"]
// pathname = "/" will return true
publicPaths.some((p) => pathname.startsWith(p))
```
Fixes: aedabc8d ("fix: avoid redirect on always public paths")
Reference [1]: https://github.com/nextauthjs/next-auth/discussions/2330#discussioncomment-1678298
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* test(middleware): add tests for public paths
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Co-authored-by: Thang Vu <thvu@hey.com>
* clean up `package.json` files
* chore(ts): make sure `next-auth/next` does not conflict with `next`
* simplify `turbo.json`
* fix: apply suggestion
* simplify doc dev command
* ignore upstash redis again
* ignore mikro orm for now
* chore: dev command
* update lock file
* update css path for dev only
* Update apps/dev/package.json
Co-authored-by: Thang Vu <thvu@hey.com>
* Send client_id and client_secret to linkedin
Linkedin now requires client_id and client_secret to be
sent in the oauth callback. Fixes#5220
* Update linkedin.ts
Co-authored-by: Thang Vu <thvu@hey.com>
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* feat: added providing database name in options
* fix: added database name providing in readme
* Apply suggestions from code review
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* fix: return null in unstable_getServerSession if there's an error
* Remove status check and instead check body is not a string
* Combine similar tests
* Keep error from being logged twice
The same errors have been logged, firstly before throwing
OAuthCallbackError, later in the catch-clause of it.
This commit removes the former and lets the latter survive,
because logging functionality seems better to reside in the
same neighborhood.
* doc: Merge CALLBACK_OAUTH_ERROR to OAUTH_CALLBACK_ERROR
* doc: This particular error from openid-client comes with SIGNIN_OAUTH_ERROR
* Provide logger with `providerId`
Co-authored-by: Thang Vu <thvu@hey.com>
Co-authored-by: Thang Vu <thvu@hey.com>
* feat: add nonce check type
* Update types import for nonce-handler.ts
* Update packages/next-auth/src/core/lib/oauth/callback.ts
Co-authored-by: Thang Vu <thvu@hey.com>
* Add further info to debug msg as per PR suggestion
* Cast OauthChecks as OpenIDCallbackChecks
* Update order of imports as per PR suggestion
Co-authored-by: Hamid Adelyar <hamid.adelyar@bjss.com>
Co-authored-by: hamidbjss <98807568+hamidbjss@users.noreply.github.com>
Co-authored-by: Thang Vu <thvu@hey.com>
* type safe babel config
* avoid auth redirect for `_next`
* force render default error page on user miconfig
* add slash to _next path
* use `.some`
* add docs
* change from localhost
* add favicon to public path
