Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NextJS Middleware Auth Examples recommends using function that doesn't exist #27505

Open
ethanniser opened this issue Jun 24, 2024 · 1 comment
Open

NextJS Middleware Auth Examples recommends using function that doesn't exist #27505

ethanniser opened this issue Jun 24, 2024 · 1 comment
Labels
documentation Improvements or additions to documentation external-issue to-triage

Comments

@ethanniser
Copy link

ethanniser commented Jun 24, 2024
edited
Loading

Improve documentation

Link

https://supabase.com/docs/guides/auth/server-side/nextjs?queryGroups=router&router=app

Describe the problem

The main issue is that the current example is structured in a way were it assumes the only thing you will ever do in your middleware is authenticate with supabase, but often I would think that is not the case.

My current project has some complex redirection logic, so I can't just simply return the supabaseResponse. The docs suggest making a new NextResponse and manually setting the cookies

const myNewResponse = NextResponse.next({ request })
myNewResponse.cookies.setAll(supabaseResponse.cookies.getAll())

The only problem is the cookies property on NextResponse is of type ResponseCookies which does not actually have a setAll method.

Describe the improvement

It would be fantastic if there was:

  • A recommended way to pass on the Supabase cookies to new responses
  • An example where the middleware does more than simply return await updateSession
  • Maybe an example repo to go off of and could be linted as to avoid recommending non existent or depreciated apis

I'm upgrading my auth from 0.6 @supabase/auth-helpers-nextjs and I was actually in the process of writing a separate issue earlier asking for the docs to no longer recommend get, set and delete, but #27242 literally merged as I was writing it (thanks @hf), but I've run into this separate issue now. If any other additional information is needed just let me know- happy to help.

Thanks so much
@ethanniser ethanniser added the documentation Improvements or additions to documentation label Jun 24, 2024
@ErikPetersenDev
Copy link
Contributor

ErikPetersenDev commented Jun 28, 2024
edited
Loading

Just to link things together I thought I'd share that there's also a Discussion I just came across that covers a couple other documentation issues on the same page (https://supabase.com/docs/guides/auth/server-side/nextjs?queryGroups=router&router=app).

Discussion: https://github.com/orgs/supabase/discussions/27619

To summarize quickly:

  • data: user should be data: { user} (otherwise if block is never executed)
  • The if statement needs to skip the login route or it'll create a redirect loop (e.g., if (!user && !request.nextUrl.pathname.startsWith("/login")))
  • NextResponse.redirect('/login') doesn't work in middleware (reference: https://nextjs.org/docs/messages/middleware-relative-urls)... I believe it should be:
const url = request.nextUrl.clone();
url.pathname = "/login";
return NextResponse.redirect(url);

EDIT: I've opened a PR for the issues from the Discussion, but it doesn't address this Issue. #27622.

@ErikPetersenDev ErikPetersenDev mentioned this issue Jun 28, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation Improvements or additions to documentation external-issue to-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ErikPetersenDev @ethanniser