You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I followed the getting started and the custom pages documentation to setup a basic site with a custom signin page and a signin/signout button on the homepage.
However the social signin with GitHub doesn't work on my custom signin page when being directed to it with the signIn() method.
The redirect to my custom error page doesn't occur on AuthErrors either.
Note that signing in works when navigating directly to the custom signin page /signin
How to reproduce
clone the repo
add AUTH_GITHUB_ID, AUTH_GITHUB_SECRET. AUTH_SECRET to .env.local for github provider
go to the homepage
click on Signin, I'm being redirected to api/auth/signin?callbackUrl=... and not to my custom signin page /signin?callbackUrl=...
click on Signin with GitHub, which leads to the following CSRF mismatch:
POST /api/auth/signin?callbackUrl=http%3A%2F%2Flocalhost%3A3000%2F 302 in 8ms
GET /signin?error=MissingCSRF 200 in 13ms
[auth][error] MissingCSRF: CSRF token was missing during an action signin. Read more at https://errors.authjs.dev#missingcsrf
at validateCSRF (webpack-internal:///(rsc)/./node_modules/@auth/core/lib/actions/callback/oauth/csrf-token.js:45:11)
at AuthInternal (webpack-internal:///(rsc)/./node_modules/@auth/core/lib/index.js:71:100)
at async Auth (webpack-internal:///(rsc)/./node_modules/@auth/core/index.js:126:34)
at async /workspaces/typescript-node-2/my-app/node_modules/next/dist/compiled/next-server/app-route.runtime.dev.js:6:55038
at async ek.execute (/workspaces/typescript-node-2/my-app/node_modules/next/dist/compiled/next-server/app-route.runtime.dev.js:6:45808)
at async ek.handle (/workspaces/typescript-node-2/my-app/node_modules/next/dist/compiled/next-server/app-route.runtime.dev.js:6:56292)
at async doRender (/workspaces/typescript-node-2/my-app/node_modules/next/dist/server/base-server.js:1357:42)
at async cacheEntry.responseCache.get.routeKind (/workspaces/typescript-node-2/my-app/node_modules/next/dist/server/base-server.js:1567:40)
at async DevServer.renderToResponseWithComponentsImpl (/workspaces/typescript-node-2/my-app/node_modules/next/dist/server/base-server.js:1487:28)
at async DevServer.renderPageComponent (/workspaces/typescript-node-2/my-app/node_modules/next/dist/server/base-server.js:1911:24)
at async DevServer.renderToResponseImpl (/workspaces/typescript-node-2/my-app/node_modules/next/dist/server/base-server.js:1949:32)
at async DevServer.pipeImpl (/workspaces/typescript-node-2/my-app/node_modules/next/dist/server/base-server.js:916:25)
at async NextNodeServer.handleCatchallRenderRequest (/workspaces/typescript-node-2/my-app/node_modules/next/dist/server/next-server.js:272:17)
at async DevServer.handleRequestImpl (/workspaces/typescript-node-2/my-app/node_modules/next/dist/server/base-server.js:812:17)
at async /workspaces/typescript-node-2/my-app/node_modules/next/dist/server/dev/next-dev-server.js:339:20
at async Span.traceAsyncFn (/workspaces/typescript-node-2/my-app/node_modules/next/dist/trace/trace.js:154:20)
at async DevServer.handleRequest (/workspaces/typescript-node-2/my-app/node_modules/next/dist/server/dev/next-dev-server.js:336:24)
at async invokeRender (/workspaces/typescript-node-2/my-app/node_modules/next/dist/server/lib/router-server.js:173:21)
at async handleRequest (/workspaces/typescript-node-2/my-app/node_modules/next/dist/server/lib/router-server.js:350:24)
at async requestHandlerImpl (/workspaces/typescript-node-2/my-app/node_modules/next/dist/server/lib/router-server.js:374:13)
at async Server.requestListener (/workspaces/typescript-node-2/my-app/node_modules/next/dist/server/lib/start-server.js:141:13)
POST /api/auth/signin?callbackUrl=http%3A%2F%2Flocalhost%3A3000%2F 302 in 7ms
GET /signin?error=MissingCSRF 200 in 14ms
I'm not even redirected to the error page defined in src/auth.ts
Expected behavior
I click on the sign in button on the homepage, go to the sign in page, sign in with GitHub and get redirected back to the homepage
I should be redirected to my error page on AuthErrors
The text was updated successfully, but these errors were encountered:
gislerro
added
bug
Something isn't working
triage
Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.
labels
Aug 29, 2024
I think the issue is in next-auth/src/lib/actions.ts and the resulting call to core/src/lib/utils/env.ts:createActionURL. The action URL doesn't consider the custom pages defined in the AuthConfig
typeSignInParams=Parameters<NextAuthResult["signIn"]>exportasyncfunctionsignIn(provider: SignInParams[0],options: SignInParams[1]={},authorizationParams: SignInParams[2],config: NextAuthConfig){constheaders=newHeaders(nextHeaders())const{redirect: shouldRedirect=true,
redirectTo,
...rest}=optionsinstanceofFormData ? Object.fromEntries(options) : optionsconstcallbackUrl=redirectTo?.toString()??headers.get("Referer")??"/"constsignInURL=createActionURL("signin",// @ts-expect-error `x-forwarded-proto` is not nullable, next.js sets it by defaultheaders.get("x-forwarded-proto"),headers,process.env,config)// signInUrl = config.basePath + /signin// Expected: signInUrl = config.pages.signIn = '/signin'if(!provider){signInURL.searchParams.append("callbackUrl",callbackUrl)if(shouldRedirect)redirect(signInURL.toString())returnsignInURL.toString()}
...
Environment
Reproduction URL
https://github.com/gislerro/authjs-customsignin-issue
Describe the issue
I followed the getting started and the custom pages documentation to setup a basic site with a custom signin page and a signin/signout button on the homepage.
However the social signin with GitHub doesn't work on my custom signin page when being directed to it with the
signIn()
method.The redirect to my custom error page doesn't occur on
AuthError
s either.Note that signing in works when navigating directly to the custom signin page
/signin
How to reproduce
AUTH_GITHUB_ID, AUTH_GITHUB_SECRET. AUTH_SECRET
to.env.local
for github providerSignin
, I'm being redirected toapi/auth/signin?callbackUrl=...
and not to my custom signin page/signin?callbackUrl=...
Signin with GitHub
, which leads to the following CSRF mismatch:error
page defined insrc/auth.ts
Expected behavior
AuthError
sThe text was updated successfully, but these errors were encountered: