fix: wrong redirect url for oidc requests #1909 (#2149)

* fix: wrong redirect url for oidc requests #1909 * fix: login not working with https
2025-10-26 00:56:12 +02:00 · 2024-10-16 16:47:21 +02:00
parent d4765c1e7f
commit 6469aa2350
5 changed files with 14 additions and 12 deletions
--- a/.env.example
+++ b/.env.example
@@ -4,8 +4,7 @@ DATABASE_URL="file:./database/db.sqlite"
 # You can generate a new secret on the command line with:
 # openssl rand -base64 32
 # https://next-auth.js.org/configuration/options#secret
-NEXTAUTH_URL="http://localhost:3000"
-
+AUTH_TRUST_HOST="true"
 NEXTAUTH_SECRET="anything"

 # Disable analytics
--- a/2
+++ b/2
@@ -52,7 +52,7 @@ EXPOSE $PORT
 ENV PORT=${PORT}

 ENV DATABASE_URL "file:/data/db.sqlite"
-ENV NEXTAUTH_URL "http://localhost:7575"
+ENV AUTH_TRUST_HOST="true"
 ENV PORT 7575
 ENV NEXTAUTH_SECRET NOT_IN_USE_BECAUSE_JWTS_ARE_UNUSED

--- a/package.json
+++ b/package.json
@@ -11,7 +11,7 @@
    "dev": "next dev",
    "build": "NEXTAUTH_SECRET=WILL_BE_OVERWRITTEN next build",
    "analyze": "ANALYZE=true next build",
-    "turbo": "DATABASE_URL=file:WILL_BE_OVERWRITTEN.sqlite NEXTAUTH_URL=http://WILL_BE_OVERWRITTEN turbo build",
+    "turbo": "DATABASE_URL=file:WILL_BE_OVERWRITTEN.sqlite turbo build",
    "start": "next start",
    "typecheck": "tsc --noEmit",
    "export": "next build && next export",
--- a/src/env.js
+++ b/src/env.js
@@ -37,13 +37,6 @@ const env = createEnv({
    DATABASE_URL: z.string().url().default('file:../database/db.sqlite'),
    NEXTAUTH_SECRET:
      process.env.NODE_ENV === 'production' ? z.string().min(1) : z.string().min(1).optional(),
-    NEXTAUTH_URL: z.preprocess(
-      // This makes Vercel deployments not fail if you don't set NEXTAUTH_URL
-      // Since NextAuth.js automatically uses the VERCEL_URL if present.
-      (str) => process.env.VERCEL_URL ?? str,
-      // VERCEL_URL doesn't include `https` so it cant be validated as a URL
-      process.env.VERCEL ? z.string().min(1) : z.string().url()
-    ),
    DOCKER_HOST: z.string().optional(),
    DOCKER_PORT: portSchema,
    DEMO_MODE: z.string().optional(),
@@ -136,7 +129,6 @@ const env = createEnv({
  runtimeEnv: {
    DATABASE_URL: process.env.DATABASE_URL,
    NEXTAUTH_SECRET: process.env.NEXTAUTH_SECRET,
-    NEXTAUTH_URL: process.env.NEXTAUTH_URL,
    NEXT_PUBLIC_DISABLE_ANALYTICS: process.env.DISABLE_ANALYTICS,
    DOCKER_HOST: process.env.DOCKER_HOST,
    DOCKER_PORT: process.env.DOCKER_PORT,
--- a/src/server/auth.ts
+++ b/src/server/auth.ts
@@ -106,6 +106,17 @@ export const constructAuthOptions = async (
  },
  adapter: adapter as Adapter,
  providers: [...(await getProviders(req.headers)), EmptyNextAuthProvider()],
+  cookies: {
+    sessionToken: {
+      name: 'next-auth.session-token',
+      options: {
+        httpOnly: true,
+        sameSite: 'lax',
+        path: '/',
+        secure: true,
+      },
+    },
+  },
  jwt: {
    async encode(params) {
      if (!isCredentialsRequest(req)) {