在生产中,调用 next-auth function Signout(),无论有没有 callbackUrl,总是将用户带到“localhost:3000”
[英]In production, calling in next-auth function Signout(), with or without callbackUrl, always brings the user to "localhost:3000"
问题描述
I deployed my Next.js app to AWS Amplify, set my environment variables correctly (including APP_URL and NEXTAUTH_URL, which are the same btw), and despite the fact I can sign in using credentials (from MongoDB Atlas), when I click the sign out button I get redirected to localhost:3000.
我将我的 Next.js 应用程序部署到 AWS Amplify,正确设置了我的环境变量(包括 APP_URL 和 NEXTAUTH_URL,顺便说一句,它们是相同的),尽管事实上我可以使用凭据(来自 MongoDB Atlas)登录,但当我单击注销按钮时我被重定向到 localhost:3000。
On Network tab of DevTools, I get a call named 'signout' with a 200 response with this Payload, which is OK:在 DevTools 的“网络”选项卡上,我收到一个名为“注销”的调用,其中包含此有效负载的 200 响应,这没问题:
csrfToken: 20dc1de55c4e40c7c0ac8d3ce675bff4522ba665d79e04c9da00f6365a23c30c
callbackUrl: https://tradingcenter.joaotextor.com
json: true
However, on the Request Headers of my 'signout' call I notice this 'cookies' entry:但是,在我的“注销”调用的请求标头中,我注意到这个“cookies”条目:
cookie: (...) next-auth.callback-url=http%3A%2F%2Flocalhost%3A3000 (...)
After this 'signout' call, I get another one named 'localhost', that keeps repeating from time to time while the page is opened, with these headers:在这个“注销”调用之后,我得到另一个名为“localhost”的调用,它在页面打开时不时重复,带有这些标题:
General
Request URL: http://localhost:3000/
Referrer Policy: strict-origin-when-cross-origin
Request Headers
Provisional headers are shown Learn more
sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
My environment variables on AWS Amplify are like this (I know, there's no point in having two for the same url):我在 AWS Amplify 上的环境变量是这样的(我知道,同一个 url 有两个是没有意义的):
NEXT_PUBLIC_APP_URL https://tradingcenter.joaotextor.com NEXT_PUBLIC_NEXTAUTH_URL https://tradingcenter.joaotextor.com NEXT_PUBLIC_APP_URL https://tradingcenter.joaotextor.com NEXT_PUBLIC_NEXTAUTH_URL https://tradingcenter.joaotextor.com
My Signout() function is very simple:我的 Signout() function 非常简单:
<MenuItem onClick={() => {
console.log(process.env.NEXT_PUBLIC_APP_URL)
signOut({callbackUrl: process.env.NEXT_PUBLIC_APP_URL})
}
}>
Logout
</MenuItem>
I placed that console.log there just to make sure it was being grabbed from the env variables I setup on Amplify, and yes, it is showing on console.我把那个 console.log 放在那里只是为了确保它是从我在 Amplify 上设置的环境变量中获取的,是的,它显示在控制台上。
I already tried to pass '/' as callbackUrl and also call Signout() without any params (which would be fine) but it doesn't work.我已经尝试将“/”作为 callbackUrl 传递,并且还调用了不带任何参数的 Signout()(这没问题),但它不起作用。 It seems the problem is not in the callback itself.看来问题不在回调本身。
I already checked, using the find tool on VS Code, and there's nothing related to localhost:3000 there anymore.我已经使用 VS Code 上的查找工具进行了检查,那里不再有与 localhost:3000 相关的内容。 Even my env.local (which is not pushed to Github and therefore not read by Amplify when cloning and deploying the app) does not have the localhost url.甚至我的 env.local(未推送到 Github,因此在克隆和部署应用程序时未被 Amplify 读取)也没有本地主机 url。
Already tried this and this .已经尝试过这个和这个。 Didn't work.没用。
I removed my Amplify app and created a new one (So I could avoid any unwanted cached files) and the problem still persists.我删除了我的 Amplify 应用程序并创建了一个新应用程序(这样我就可以避免任何不需要的缓存文件),但问题仍然存在。
Since there's no localhost:3000 reference in my code, how come does it redirect me to it in production?由于我的代码中没有 localhost:3000 引用,它怎么会在生产中将我重定向到它?
This is my repository, for further examination (Master branch is the one being deployed): https://github.com/joaotextor/trading-center这是我的存储库,供进一步检查(主分支是正在部署的分支): https://github.com/joaotextor/trading-center
The live preview and credentials are on the Github Repository so stackoverflow does not flag this question as a spam.实时预览和凭据位于 Github 存储库中,因此 stackoverflow 不会将此问题标记为垃圾邮件。
Thanks in advance!提前致谢!
1 个解决方案
解决方案1
0 2023-02-01 14:09:21
After debugging the code, I came the following conclusion: next-auth redirect / callbackUrl / cookie setting is bugged.调试代码后,我得出以下结论:next-auth redirect / callbackUrl / cookie setting is bugged。 So I manage to workaround this bug.所以我设法解决了这个错误。
But before I explain how I 'fixed' this, let me lay out this bug:但在我解释我是如何“修复”这个问题之前,让我列出这个错误:
I figured out the problem by using the redirect() callback on [...nextauth].js file.我通过在 [...nextauth].js 文件上使用 redirect() 回调解决了这个问题。
callbacks: { async redirect({ url, baseURl }) { console.log(`URL: ${url}`) console.log(`BASEURL: ${baseUrl}`) } }
The baseUrl returns http://localhost:3000 baseUrl 返回 http://localhost:3000
Also, I tried setting useSecureCookies to "true" and set the callback-url cookie manually inside the nextauth options:此外,我尝试将 useSecureCookies 设置为“true”并在 nextauth 选项中手动设置回调 url cookie:
useSecureCookies: true, cookies: { callbackUrl: { name: '__Secure-next-auth.callback-url', options: { sameSite: 'lax', path: 'https://tradingcenter.joaotextor.com', secure: true } } } To my surprise, even with this setup the cookie value is set to 'http://localhost:3000'!令我惊讶的是,即使使用此设置,cookie 值也设置为“http://localhost:3000”!
Then I noticed something: If the redirect url is set to localhost, how come I'm not being redirected to it when I signin, but only when I signout?然后我注意到一件事:如果重定向 url 设置为本地主机,为什么我在登录时没有被重定向到它,而只有在我注销时才被重定向到它?
Then I remembered I was having a problem with redirect on SignIn() function in way back when I was developing the system, and I made a workaround using useRouter from next/router.然后我记得我在开发系统时遇到了重定向 SignIn() function 的问题,我使用 next/router 中的 useRouter 做了一个解决方法。
Then, I applied the same fix on SignOut, just by setting the redirect prop to 'false' and using router.push() to the desired path:然后,我对 SignOut 应用了相同的修复,只需将重定向属性设置为“false”并将 router.push() 用于所需的路径:
<MenuItem onClick={() => { signOut({redirect: false}) router.push(process.env.NEXT_PUBLIC_NEXTAUTH_URL) }}>Logout</MenuItem>
And there you go. Everything worked as expected.你是 go。一切都按预期进行。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.