Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

After signin user gets redirected to last visited page not to requested page #10936

Open
dr15 opened this issue May 16, 2024 · 0 comments
Open

After signin user gets redirected to last visited page not to requested page #10936

dr15 opened this issue May 16, 2024 · 0 comments
Labels
bug Something isn't working triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.

Comments

@dr15
Copy link

dr15 commented May 16, 2024

Environment

System:
    OS: macOS 14.4.1
    CPU: (10) arm64 Apple M1 Pro
    Memory: 51.77 MB / 16.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 21.7.3 - /opt/homebrew/bin/node
    npm: 10.8.0 - /opt/homebrew/bin/npm
  Browsers:
    Chrome: 124.0.6367.208
    Safari: 17.4.1
  npmPackages:
    next: 14.2.3 => 14.2.3 
    next-auth: 5.0.0-beta.16 => 5.0.0-beta.16 
    react: ^18 => 18.3.1

The bug is also reproducible in Vercel deployments. (which I have linked below)

Reproduction URL

https://github.com/dr15/auth-callback

Describe the issue

"After signin user gets redirected to last visited page not to requested page"

I created a repo with a minimal project that reproduces the bug: https://github.com/dr15/auth-callback
There are 2 branches, the main one which has custom auth pages and another one called no-custom-pages.
The bug happens on both.
You can test this by going to https://www.debug.baby/ or https://no-custom-pages.debug.baby/

The no-custom-pages branch is as minimal as can be, the auth config has a secret and a provider and that's it.
When a user requests a protected route while not signed in they get redirected to "/api/auth/signin" through a function called protectedRoute() that gets called by getServerSideProps(). I've tried using the query params to redirect to the requested page like this: /api/auth/signin?callbackUrl=${callback} but that didn't work.

If you look at the custom pages flow you'll see that when a user requests a url they get the (custom) sign in page with the "callbackUrl" param pointing at what is stored in their cookie, not the url they requested.

How to reproduce

  1. Clone the repo and run it with your own env vars, or go to either of the urls I specified above
  2. Sign in
  3. Go to page "two" by clicking on the link in the top nav bar
  4. Sign out
  5. Go to localhost:3000/protected/three or https://www.debug.baby/protected/three or https://no-custom-pages.debug.baby/protected/three (depending on where you did steps 1 to 4)
  6. Sign in
  7. You are now on /protected/two

Expected behavior

The expected result is getting to the requested url which in this case was /protected/three, and not the last visited page before signing out (which in this case was /protected/two)
@dr15 dr15 added bug Something isn't working triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime. labels May 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dr15