nextauthjs/next-auth

Next Auth [v5.0.0-beta.4] Middleware and Scope not working

Open

#9,448 created on December 22, 2023

Labels: bug, core, good first issue

Description

Environment

  System:
    OS: Windows 11 10.0.22621
    CPU: (8) x64 Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
    Memory: 2.78 GB / 11.92 GB
  Binaries:
    Node: 18.18.2 - C:\Program Files\nodejs\node.EXE
    Yarn: 1.22.19 - ~\AppData\Roaming\npm\yarn.CMD
    npm: 10.2.5 - C:\Program Files\nodejs\npm.CMD
    pnpm: 8.10.3 - C:\Program Files\nodejs\pnpm.CMD
  Browsers:
    Edge: Chromium (120.0.2210.77)
    Internet Explorer: 11.0.22621.1
  npmPackages:
    @auth/core: ^0.19.0 => 0.19.0
    @auth/prisma-adapter: ^1.0.12 => 1.0.12
    next: 14.0.4 => 14.0.4
    next-auth: 5.0.0-beta.4 => 5.0.0-beta.4
    react: ^18.2.0 => 18.2.0

Reproduction URL

https://github.com/siinghd/question-tracker

Describe the issue

I am using the NextAuth beta to implement a login feature using the Discord provider and Prisma adapter. I am encountering two primary issues:

Issue 1: Scope Not Working as Expected

The specified scope in auth.config.ts doesn't seem to be applied. Instead, the default scope is used. Here's the relevant code snippet:

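import DiscordProvider from 'next-auth/providers/discord';

// Scopes the application wants to request from Discord
const scopes = ['identify', 'guilds'];
export default {
  providers: [
    DiscordProvider({
      clientId: process.env.DISCORD_CLIENT_ID || '',
      clientSecret: process.env.DISCORD_CLIENT_SECRET || '',
      // Space-separated scope string passed as an authorization parameter
      authorization: { params: { scope: scopes.join(' ') } },
    }),
  ],
};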

Issue 2: Middleware Not Redirecting Properly

The middleware intended to protect the root path / and redirect unauthenticated users to /login is not functioning as expected. The .env file includes AUTH_SECRET and AUTH_URL.

How to reproduce

  1. Set up the NextAuth configuration with the Discord provider and Prisma adapter.
  2. Define scopes as ['identify', 'guilds'].
  3. Implement middleware to protect the root path and redirect to /login.
  4. Observe that the specified scopes are not applied and the middleware does not redirect as intended.

Expected behavior

  1. The Discord authentication should use the specified scopes (identify, guilds).
  2. Unauthenticated users trying to access the root path should be redirected to the /login page.

Actual Behavior:

  1. The default scope is used instead of the specified custom scopes.
  2. The middleware does not redirect unauthenticated users to /login.
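
One way to confirm which scopes a sign-in actually requests is to read the `scope` parameter of the authorization URL the browser is redirected to and compare it with the configured list. The following is an added example, not code from the issue or from the next-auth project; the function names and both sample URLs are constructed, the client_id is a placeholder, and `identify email` only stands in for "some scope list other than the configured one".

```typescript
// Added example (not from the issue): report which OAuth scopes an
// authorization URL actually requests versus the configured list.

interface ScopeReport {
  requested: string[];  // scopes found in the URL's `scope` parameter
  missing: string[];    // configured but absent from the request
  unexpected: string[]; // requested but never configured
  matches: boolean;
}

// OAuth 2.0 scope values are space-delimited (RFC 6749, section 3.3).
function parseScopes(raw: string | null): string[] {
  if (!raw) return [];
  const scopes: string[] = [];
  for (const s of raw.split(/\s+/)) {
    if (s !== '' && scopes.indexOf(s) === -1) scopes.push(s);
  }
  return scopes;
}

function checkRequestedScopes(authorizationUrl: string, configured: string[]): ScopeReport {
  // searchParams decodes both "+" and "%20" into the separating space.
  const requested = parseScopes(new URL(authorizationUrl).searchParams.get('scope'));
  const missing = configured.filter((s) => requested.indexOf(s) === -1);
  const unexpected = requested.filter((s) => configured.indexOf(s) === -1);
  return { requested, missing, unexpected, matches: missing.length === 0 && unexpected.length === 0 };
}

// Scope list from the issue's auth.config.ts.
const CONFIGURED_SCOPES = ['identify', 'guilds'];

// Constructed sample URLs; the client_id is a placeholder.
const URL_WITH_CONFIGURED_SCOPES =
  'https://discord.com/api/oauth2/authorize?client_id=PLACEHOLDER&response_type=code&scope=identify+guilds';
const URL_WITH_OTHER_SCOPES =
  'https://discord.com/api/oauth2/authorize?client_id=PLACEHOLDER&response_type=code&scope=identify%20email';
```

A non-empty `unexpected` list means the sign-in asks for access the configuration never declared, and a non-empty `missing` list means later API calls that depend on those scopes will be refused.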
