feat: Expo Auth without setting AUTH_URL. #1054
const host = req.headers.get("host"); | ||
const newURL = new URL(req.url); | ||
newURL.host = host ?? req.nextUrl.host; | ||
return new NextRequest(newURL, req); |
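Review bot: `req.headers.get("host")` on the first line is a client-supplied value, and `newURL.host = host ?? req.nextUrl.host` writes it into the request URL with no validation; nothing in these four lines restricts the rewrite to development. Since the rewritten URL is what the auth handler receives, consider gating the rewrite on a development check or an allowlist of expected hosts, and add a short comment above it explaining why the host has to be replaced at all.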
Why do we need to rewrite if we disable csrf in dev?
Because the generated callback URLs point to `localhost:3000` no matter what. NextJS sets the `nextUrl` to the deployment URL, which is always `localhost` on development, but we need it to be the IP of the machine, i.e. `192.168.x.y` so that it can properly route the request to the oauth provider and back. This function rewrites the URL to be the machine's IP, so that we can force nextauth to use that instead of the preset localhost.
Having looked through authjs's source code, the callback url is generated by `const baseUrl = env.AUTH_URL ?? request.url` (pseudocode), so because we don't set `AUTH_URL`, we need to ensure `request.url` is set to the proper value.
EDIT: Reference code:
- `Auth` function (where request is passed by this app): https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/index.ts#L101
- `AuthInternal` function (request.url is retrieved): https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/lib/index.ts#L24
- `init` function call (handles events, we care about callback stuff): https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/lib/init.ts#L68C35-L68C49
- `parseProviders` call, which generates the callback URL: https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/lib/utils/providers.ts#L29

The code above uses the request URL's origin (and the request URL origin gets overwritten with `AUTH_URL` if it is set) to generate the callback URL, so it must be set to the desired return IP for expo to work.
So this means we have to set the ip at the oauth provider? Hmm...
Just modifying the request URL seems to be sufficient. In my local testing, this has worked great both with and without the auth proxy server.
Aight I'll try and test it out asap
a8deb69 into t3-oss:11-02-feat_expo_auth
* feat: expo auth
* rm
* fix format
* fix lock
* feat: use expo-linking to construct urls for expo auth (#832)
* expo install --fix
* nit
* fix cookie
* use sync session store api
* add custom handler back
* fix exports
* Use .find() instead of always first cookie (#1043)
* feat: Expo Auth without setting AUTH_URL. (#1054)
* feat: expo-auth without auth_url env var
* Fix session cookie matching
* feat: Restore old CSRF checks in non-dev environments
* chore: Documenting some decisions with comments
* Use node env instead of vercel-specific env var
* Update readme to describe oauth changes
* Fix redirectTo being missing and enforce home nav since it was showing a weird page
* Disallow backwards navigation upon auth change
* some light refactoring
* don't mutate args
* helper
* cmt
* fmt

---------

Co-authored-by: Jay McMullen <j@1f.io>
Co-authored-by: Gabriel Bianchi <gdbianchii@gmail.com>
Co-authored-by: Sam Riddle <Wundero@users.noreply.github.com>
This PR implements logic into the Expo <-> NextAuth linking which enables the IP that expo uses (e.g. 192.168.x.y) to work without having to set the AUTH_URL to be that IP.
See #720 for details and discussion related to this issue.
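
The behaviour discussed in the review thread, as an added example that is not code from this PR or from Auth.js: the request URL's host is replaced with the `Host` header only in development and only for expected hosts, and the callback URL is then derived as in the thread's pseudocode. The function names, the host pattern, the `/api/auth/callback/<provider>` path and the sample addresses are assumptions.

```javascript
// Added example, not the PR's code. Names, the host pattern, the callback
// path and all sample values below are assumptions for illustration.

// Hosts a dev machine is expected to be reached on: localhost, loopback or a
// 192.168.x.y-shaped address, each with an optional port.
const DEV_HOST = /^(localhost|127\.0\.0\.1|192\.168\.\d{1,3}\.\d{1,3})(:\d{1,5})?$/;

// Return the URL the auth handler should see. The Host header is supplied by
// the client, so it is trusted only in development and only when it matches.
function rewriteRequestUrl(requestUrl, hostHeader, nodeEnv) {
  const url = new URL(requestUrl);
  if (nodeEnv !== "development") return url; // outside dev: never rewrite
  if (!hostHeader || !DEV_HOST.test(hostHeader)) return url; // unexpected host
  url.host = hostHeader; // e.g. localhost:3000 -> 192.168.1.20:3000
  return url;
}

// Mirrors the thread's pseudocode: AUTH_URL wins, otherwise the request URL's
// origin is the base of the callback URL handed to the OAuth provider.
function callbackUrl(requestUrl, authUrl, providerId) {
  const origin = new URL(authUrl ?? requestUrl).origin;
  return `${origin}/api/auth/callback/${encodeURIComponent(providerId)}`;
}

// Constructed sample requests: [Host header, NODE_ENV].
const SAMPLES = [
  ["192.168.1.20:3000", "development"], // phone on the LAN reaching the dev box
  ["attacker.example", "development"],  // host outside the allowlist
  ["192.168.1.20:3000", "production"],  // rewrite disabled outside dev
];

// Callback URL produced for each sample when AUTH_URL is not set.
function demo() {
  const incoming = "http://localhost:3000/api/auth/signin/github";
  return SAMPLES.map(([host, env]) =>
    callbackUrl(rewriteRequestUrl(incoming, host, env).href, undefined, "github"));
}

console.log(demo());
```

Only the first sample ends up with the LAN address in its callback URL; the other two keep the `localhost:3000` origin.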