in my production enterprise app that the entire company uses, i get sketchy message: "nextjs-auth0 is attempting to set cookies from a server component,see https://github.com/auth0/nextjs-auth0#using-this-sdk-with-react-server-components" #1552
Comments
The warning only shows in development (when Also, if you read the link the warning points to - you'll see that this is still a valid warning. You cannot write to the cookie in React Server Components, and you are using a feature of the SDK that expects to write to the cookie in a RSC. In these cases the SDK may not behave as expected - more info: https://github.com/auth0/nextjs-auth0#using-this-sdk-with-react-server-components |
|
Why is their a valid warning using the official auth0 library . We are a paid user, is there someone I can talk to about this?
Sent from [Proton Mail](https://proton.me/mail/home) for iOS
…On Thu, Nov 9, 2023 at 6:38 AM, Adam Mcgrath ***@***.***(mailto:On Thu, Nov 9, 2023 at 6:38 AM, Adam Mcgrath <<a href=)> wrote:
Hi ***@***.***(https://github.com/Jared-Dahlke)
> It is embarrassing to have this warning in the console in our production enterprise applications at work
The warning only shows in development (when NODE_ENV=development) (see https://github.com/auth0/nextjs-auth0/blob/main/src/http/auth0-next-response-cookies.ts#L8) - so this would suggest your production enterprise applications are running in development mode.
Also, if you read the link the warning points to - you'll see that this is still a valid warning. You cannot write to the cookie in React Server Components, and you are using a feature of the SDK that expects to write to the cookie in a RSC. In these cases the SDK may not behave as expected - more info: https://github.com/auth0/nextjs-auth0#using-this-sdk-with-react-server-components
—
Reply to this email directly, [view it on GitHub](#1552 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AH3JIESVHZZF4GHYNE2AVJDYDTTF5AVCNFSM6AAAAAA7ES5WFWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBTHE2TIMZXG4).
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
The warning is there to inform you that you can't write cookies in a Server Component. This is not a restriction imposed by the SDK, it is imposed by Next.js. The SDK can't change this - we have to operate within the bounds of the framework. What we can do is warn you, at development time, that the features of the SDK that rely on writing to the cookie wont work in Server Components and share a link where we offer some solutions to this (like writing to the session cookie in the middleware). We chose to add this warning, at development time, so that you can take any necessary steps to workaround this restriction on Server Components before going to production. If we didn't add a warning developers might only discover this when they start getting feedback from their users about sessions expiring early or noticing increased traffic to their refresh token endpoint.
Information about what support channels Auth0 offer are here https://auth0.com/docs/troubleshoot/customer-support/support-channels |
|
I looked at the solutions but they are very minimalistic and not complete. I have no idea how to fix the problem , it doesn’t give any example or detail . Can you please provide the exact code needed to make it work properly?
Sent from [Proton Mail](https://proton.me/mail/home) for iOS
…On Fri, Nov 10, 2023 at 2:36 AM, Adam Mcgrath ***@***.***(mailto:On Fri, Nov 10, 2023 at 2:36 AM, Adam Mcgrath <<a href=)> wrote:
Hi ***@***.***(https://github.com/Jared-Dahlke)
> Why is their a valid warning using the official auth0 library
The warning is there to inform you that you can't write cookies in a Server Component. This is not a restriction imposed by the SDK, it is imposed by Next.js. The SDK can't change this - we have to operate within the bounds of the framework.
What we can do is warn you, at development time, that the features of the SDK that rely on writing to the cookie wont work in Server Components and [share a link](https://github.com/auth0/nextjs-auth0#using-this-sdk-with-react-server-components) where we offer some solutions to this (like writing to the session cookie in the middleware).
We chose to add this warning, at development time, so that you can take any necessary steps to workaround this restriction on Server Components before going to production. If we didn't add a warning developers might only discover this when they start getting feedback from their users about sessions expiring early or noticing increased traffic to their refresh token endpoint.
> We are a paid user, is there someone I can talk to about this?
Information about what support channels Auth0 offer are here https://auth0.com/docs/troubleshoot/customer-support/support-channels
—
Reply to this email directly, [view it on GitHub](#1552 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AH3JIEVPLNPEYPPHTP6PCIDYDX7ULAVCNFSM6AAAAAA7ES5WFWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBVGQ4DANRQGA).
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
|
It's difficult to give the exact code without knowing how you're using the SDK. In most cases it will simply be a case of protecting your routes with withMiddlewareAuthRequired - then your session expiry will be updated every time the user touches the session and you can safely ignore the warning. If your application has more complex requirements, like refreshing access tokens from react server components - then I'd need some more info to give you a good recommendation. |
|
experiencing the same issue here If I understand it correctly, then I can safe ignore this warning in server rendering components right? because the |
Correct 👍 |
|
ok awesome thank you @adamjmcgrath . I am using middleware so I am good then. I think what throws people off is this sentence here where it says the cookie "can" be written from middleware. Almost as if it's implying something extra has to be done, and it doesn't help that i get the warning as well. Thanks for the clarification!
|
|
@adamjmcgrath after writing that comment I realized I need to ask you a clarifying question. i am using middleware.ts to protect my app, but i'm not using Am I all good still doing it this way? |
|
Yep - you're good, anything that accesses the session (like getSession) is fine, you just need to make sure you use the req/res when you get the session export async function middleware(req: NextRequest) {
const { nextUrl } = req;
const res = NextResponse.next()
const session = await getSession(req, res);
const isProtectedRoute =
nextUrl.pathname.startsWith("/app") || nextUrl.pathname.startsWith("/api");
const isNotProtectedRoute = nextUrl.pathname.startsWith("/api/auth");
if (!session && isProtectedRoute && !isNotProtectedRoute) {
const loginUrl = new URL("/api/auth/login", req.url);
loginUrl.searchParams.set("returnTo", req.nextUrl.pathname);
return NextResponse.redirect(loginUrl);
}
return res;
} |
|
Also, will take another look at those docs. Going to put some time aside shortly to see if there's a better way to support using RSC's than what we're doing at the moment. |
|
@adamjmcgrath , I noticed that I am getting a bunch of these errors in Sentry: If you read the error it looks like Auth0 is causing the error. Could you share your thoughts/ what i could do to prevent this error , assuming everything is ok... |
|
Hi @Jared-Dahlke - this looks like an issue in Sentry (see getsentry/sentry-javascript#9290) - Those errors are a normal part of a successful build (next uses errors to bail out of static rendering) that shouldn't surface to the user. Looks like Sentry have fixed this in 7.80.0 getsentry/sentry-javascript#9503 |
|
I think I've answered your questions - so closing. |
|
Yes that fixed it Adam. Thank you for your help
Sent from [Proton Mail](https://proton.me/mail/home) for iOS
…On Wed, Nov 15, 2023 at 3:30 AM, Adam Mcgrath ***@***.***(mailto:On Wed, Nov 15, 2023 at 3:30 AM, Adam Mcgrath <<a href=)> wrote:
Closed [#1552](#1552) as completed.
—
Reply to this email directly, [view it on GitHub](#1552 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AH3JIET67YPIL5OARW6QTHLYESRVBAVCNFSM6AAAAAA7ES5WFWVHI2DSMVQWIX3LMV45UABCJFZXG5LFIV3GK3TUJZXXI2LGNFRWC5DJN5XDWMJQHE3DMMRXGM4TSMY).
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
This comment was marked as duplicate.
This comment was marked as duplicate.
|
Apologies for the revival. I'll move this to #1614 |
|
So if i understand this correctly, So the only method to get rid of the warning would be to set the environment variable export default withMiddlewareAuthRequired({
async middleware(req) {
const res = NextResponse.next();
await touchSession(req, res);
return res;
},
});This seems a little convoluted. I feel like it is misleading that the the warning gets emitted in the first place when everything is setup correctly anyways. Or i missed something in the docs, but it appears to me that the warning is always emitted when |
|
@ilovemesomeramen or you can just ignore the warning. 😂 |
Checklist
Description
I am surprised this still persists. Isn't this the official Nextjs Auth0 package? Lee Rob said he tried to talk to you guys about this and is not sure why it is still appearing. Is there some kind of problem that needs fixed? It is embarrassing to have this warning in the console in our production enterprise applications at work. We are 2 major versions in.
Reproduction
run the official Auth0 Nextjs library with any Nextjs 13 or Nextjs 14 app.
Additional context
No response
nextjs-auth0 version
"@auth0/nextjs-auth0": "^3.2.0",
Next.js version
14
Node.js version
20
The text was updated successfully, but these errors were encountered: