nextauthjs/next-auth

Next Auth [v5.0.0-beta.4] Middleware and Scope not working

Open

#9448 opened on Dec 22, 2023

Labels: bug, core, good first issue

Description

Environment

  System:
    OS: Windows 11 10.0.22621
    CPU: (8) x64 Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
    Memory: 2.78 GB / 11.92 GB
  Binaries:
    Node: 18.18.2 - C:\Program Files\nodejs\node.EXE
    Yarn: 1.22.19 - ~\AppData\Roaming\npm\yarn.CMD
    npm: 10.2.5 - C:\Program Files\nodejs\npm.CMD
    pnpm: 8.10.3 - C:\Program Files\nodejs\pnpm.CMD
  Browsers:
    Edge: Chromium (120.0.2210.77)
    Internet Explorer: 11.0.22621.1
  npmPackages:
    @auth/core: ^0.19.0 => 0.19.0
    @auth/prisma-adapter: ^1.0.12 => 1.0.12
    next: 14.0.4 => 14.0.4
    next-auth: 5.0.0-beta.4 => 5.0.0-beta.4
    react: ^18.2.0 => 18.2.0

Reproduction URL

https://github.com/siinghd/question-tracker

Describe the issue

I am using the NextAuth beta to implement a login feature using the Discord provider and Prisma adapter. I am encountering two primary issues:

Issue 1: Scope Not Working as Expected

The specified scope in auth.config.ts doesn't seem to be applied. Instead, the default scope is used. Here's the relevant code snippet:

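import DiscordProvider from 'next-auth/providers/discord';

// Scopes to request from Discord instead of the provider default.
const scopes = ['identify', 'guilds'];
export default {
  providers: [
    DiscordProvider({
      clientId: process.env.DISCORD_CLIENT_ID || '',
      clientSecret: process.env.DISCORD_CLIENT_SECRET || '',
      // OAuth scope is passed as a single space-delimited string.
      authorization: { params: { scope: scopes.join(' ') } },
    }),
  ],
};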

Issue 2: Middleware Not Redirecting Properly

The middleware intended to protect the root path / and redirect unauthenticated users to /login is not functioning as expected. The .env file includes AUTH_SECRET and AUTH_URL.

How to reproduce

  1. Set up the NextAuth configuration with the Discord provider and Prisma adapter.
  2. Define scopes as ['identify', 'guilds'].
  3. Implement middleware to protect the root path and redirect to /login.
  4. Observe that the specified scopes are not applied and the middleware does not redirect as intended.

Expected behavior

  1. The Discord authentication should use the specified scopes (identify, guilds).
  2. Unauthenticated users trying to access the root path should be redirected to the /login page.

Actual behavior

  1. The default scope is used instead of the specified custom scopes.
  2. The middleware does not redirect unauthenticated users to /login.
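
One way to confirm both observations from outside the app, as an added example that is not part of the original issue or the next-auth code base: the functions below compare the `scope` parameter of the authorization URL the browser is sent to against the configured list, and check whether a response for `/` is a redirect to `/login`. The sample URLs, the `CLIENT_ID_PLACEHOLDER` value and the function names are constructed for illustration.

```javascript
// Scopes from the issue's auth.config.ts.
const CONFIGURED_SCOPES = ['identify', 'guilds'];

// Constructed sample authorization URLs (not captured from a real session).
const SAMPLE_AS_CONFIGURED =
  'https://discord.com/api/oauth2/authorize?client_id=CLIENT_ID_PLACEHOLDER' +
  '&response_type=code&scope=identify+guilds';
// Stands in for a request that ignores the configured scope.
const SAMPLE_OBSERVED =
  'https://discord.com/api/oauth2/authorize?client_id=CLIENT_ID_PLACEHOLDER' +
  '&response_type=code&scope=identify%20email';

// Extract the scope list from an OAuth 2.0 authorization URL. RFC 6749 defines
// scope as space-delimited; URLSearchParams decodes "+" and "%20" to a space.
function requestedScopes(authorizationUrl) {
  const raw = new URL(authorizationUrl).searchParams.get('scope');
  if (raw === null) return [];
  return raw.split(' ').filter(Boolean);
}

// Report configured scopes that were not sent and sent scopes that were
// never configured. Order of scopes does not matter.
function diffScopes(authorizationUrl, expected = CONFIGURED_SCOPES) {
  const sent = new Set(requestedScopes(authorizationUrl));
  const want = new Set(expected);
  const missing = expected.filter((s) => !sent.has(s));
  const unexpected = [...sent].filter((s) => !want.has(s));
  return { missing, unexpected, ok: missing.length === 0 && unexpected.length === 0 };
}

// True when the response to an unauthenticated request for "/" is a 3xx
// redirect whose Location (relative or absolute) resolves to /login on the
// app's own origin. A redirect to another origin does not count.
function redirectsToLogin(status, location, appOrigin) {
  if (status < 300 || status > 399 || !location) return false;
  const target = new URL(location, appOrigin);
  return target.origin === new URL(appOrigin).origin && target.pathname === '/login';
}

console.log(diffScopes(SAMPLE_AS_CONFIGURED));
console.log(diffScopes(SAMPLE_OBSERVED));
console.log(redirectsToLogin(200, null, 'http://localhost:3000'));
```

The authorization URL is the `Location` header of the redirect issued when sign-in starts; the status and `Location` for `/` can be read from the browser's network panel with no session cookie present.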
