fix(next-auth): signOut and middleware cookie error #10907

Open
wants to merge 3 commits into
base: main

@jbpin jbpin commented May 14, 2024

☕️ Reasoning

Using `signOut()` in middleware causes the NextJS error: `Error: Cookies can only be modified in a Server Action or Route Handler.` Read more: https://nextjs.org/docs/app/api-reference/functions/cookies#cookiessetname-value-options

We can make a redirect and set a cookie in a middleware using Next, but it should be assigned to the NextResponse object as

```
const response = NextResponse.redirect(url)
response.cookies.set("myCookie", myJwt);
return response
```

This PR allows the signOut method to return the response object without setting the cookie using the next/headers cookie method. In doing so, passing `redirect: false` in the signOut options gives the user the responsibility/ability to set the cookie in the response of the redirect directly.

🧢 Checklist

  • Documentation
  • Tests
  • Ready to be merged

🎫 Affected issues

N/A

📌 Resources

jbpin added 2 commits May 14, 2024 14:59
…ut setting cookies

Using `signOut()` in middleware causes the next error: `Error: Cookies can only be modified in a Server Action or Route Handler. Read more: https://nextjs.org/docs/app/api-reference/functions/cookies#cookiessetname-value-options`

We can make a redirect while setting a cookie in middleware using Next, but it should be assigned to the NextResponse object as

```
const response = NextResponse.redirect(url)
response.cookies.set("myCookie", myJwt);
return response
```

This PR allows the signOut method to return the response object without setting the cookie using the next/headers cookie method.
@jbpin jbpin requested a review from ThangHuuVu as a code owner May 14, 2024 13:13
@ndom91 ndom91 changed the title SignOut and cookie fix(next-auth): signOut and middleware cookie error May 15, 2024
@SergioDep

I have the same error when using unstable_update() from a server action inside a try/catch statement. Do you know if this solution could be applied to that?
Thanks 🙏

@karolinakuzniewicz

In general, the NextAuth(config) and its methods should be a Server Action. This would allow us to manage the cookies, as they can only be modified in a Server Action or Route Handler, and this would also finally cover the rotation of the refresh token fully on the server side for devs who would like to store auth tokens in HTTP cookies.
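The PR description proposes leaving cookie handling on the redirect response to the caller; the added example below (not code from this PR or from Auth.js) shows what a middleware then has to get right to actually end the session. It uses the standard `Response` in place of `NextResponse` so it runs outside Next.js, and it assumes the Auth.js v5 default session cookie names, their numbered chunk suffixes, and a 307 redirect; all function names are hypothetical.

```javascript
// Added example: not code from the PR or from Auth.js.
// Assumption: Auth.js v5 default session cookie names; large sessions are
// split into chunks named "<name>.0", "<name>.1", ...
const SESSION_COOKIE_NAMES = ["authjs.session-token", "__Secure-authjs.session-token"];

/** Extract the cookie names from a Cookie request header. */
function cookieNames(cookieHeader) {
  return (cookieHeader || "")
    .split(";")
    .map((pair) => pair.split("=")[0].trim())
    .filter((name) => name.length > 0);
}

/** True for a session cookie and for its numbered chunks only. */
function isSessionCookie(name) {
  return SESSION_COOKIE_NAMES.some((base) => {
    if (name === base) return true;
    return name.startsWith(base + ".") && /^\d+$/.test(name.slice(base.length + 1));
  });
}

/** Build a Set-Cookie value that expires the named cookie. */
function expireCookie(name) {
  // Browsers reject a Set-Cookie for a "__Secure-" name without the Secure
  // attribute, so omitting it would leave the session cookie in place.
  const secure = name.startsWith("__Secure-") ? "; Secure" : "";
  return `${name}=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax${secure}`;
}

/** Redirect response that expires every session cookie the request carried. */
function signOutRedirect(cookieHeader, redirectUrl) {
  const headers = new Headers({ Location: new URL(redirectUrl).toString() });
  const expired = cookieNames(cookieHeader).filter(isSessionCookie);
  // One Set-Cookie header per cookie; a leftover chunk would be a stale token.
  for (const name of expired) headers.append("Set-Cookie", expireCookie(name));
  return { response: new Response(null, { status: 307, headers }), expired };
}

// Constructed sample request header (not from the page): a chunked secure
// session alongside an unrelated cookie that must be left alone.
const sampleCookieHeader =
  "theme=dark; __Secure-authjs.session-token.0=aaa; __Secure-authjs.session-token.1=bbb";
```

In a Next.js middleware the same attributes would be passed to `response.cookies.set` on the `NextResponse.redirect(url)` object, as in the snippet from the PR description.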
