You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The no-custom-pages branch is as minimal as can be, the auth config has a secret and a provider and that's it.
When a user requests a protected route while not signed in they get redirected to "/api/auth/signin" through a function called protectedRoute() that gets called by getServerSideProps(). I've tried using the query params to redirect to the requested page like this: /api/auth/signin?callbackUrl=${callback} but that didn't work.
If you look at the custom pages flow you'll see that when a user requests a url they get the (custom) sign in page with the "callbackUrl" param pointing at what is stored in their cookie, not the url they requested.
How to reproduce
Clone the repo and run it with your own env vars, or go to either of the urls I specified above
Sign in
Go to page "two" by clicking on the link in the top nav bar
The expected result is getting to the requested url which in this case was /protected/three, and not the last visited page before signing out (which in this case was /protected/two)
The text was updated successfully, but these errors were encountered:
dr15
added
bug
Something isn't working
triage
Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.
labels
May 16, 2024
Environment
The bug is also reproducible in Vercel deployments. (which I have linked below)
Reproduction URL
https://github.com/dr15/auth-callback
Describe the issue
"After signin user gets redirected to last visited page not to requested page"
I created a repo with a minimal project that reproduces the bug: https://github.com/dr15/auth-callback
There are 2 branches, the main one which has custom auth pages and another one called no-custom-pages.
The bug happens on both.
You can test this by going to https://www.debug.baby/ or https://no-custom-pages.debug.baby/
The
no-custom-pages
branch is as minimal as can be, the auth config has a secret and a provider and that's it.When a user requests a protected route while not signed in they get redirected to "/api/auth/signin" through a function called
protectedRoute()
that gets called bygetServerSideProps()
. I've tried using the query params to redirect to the requested page like this:/api/auth/signin?callbackUrl=${callback}
but that didn't work.If you look at the custom pages flow you'll see that when a user requests a url they get the (custom) sign in page with the "callbackUrl" param pointing at what is stored in their cookie, not the url they requested.
How to reproduce
Expected behavior
The expected result is getting to the requested url which in this case was /protected/three, and not the last visited page before signing out (which in this case was /protected/two)
The text was updated successfully, but these errors were encountered: