Replies: 10 comments 4 replies
-
Hey, what's your use case? I was just thinking about how to solve this problem for an app that needs to keep a user signed in across domains. I'm thinking maybe to use an iframe on |
Beta Was this translation helpful? Give feedback.
-
In our case, the app is loaded in an iframe by another application. Essentially a third party service that a customer can embed in their dashboard. |
Beta Was this translation helpful? Give feedback.
-
I have the same use case now. Apps for the given provider will be shown in an iframe. Using signIn causing an infinite loop and nothing happens when you click on a provider at /api/auth/signin. Of course, I can redirect to authorize URL by myself, but then state protection has to be off and the user will be not redirected to the requested page after oauth. |
Beta Was this translation helpful? Give feedback.
-
Any updates/workarounds? |
Beta Was this translation helpful? Give feedback.
-
Also interested on this. Any solution? |
Beta Was this translation helpful? Give feedback.
-
Also trying to find a solution to this issue. Any one looking at this thread? |
Beta Was this translation helpful? Give feedback.
-
Similar issue when trying to use |
Beta Was this translation helpful? Give feedback.
-
I have found similar issue. Please solve it asap with keep secure. When I try to keep inside iframe my nextjs app with next-auth. There have issue that login doesn't work. |
Beta Was this translation helpful? Give feedback.
-
So, apparently many auth providers, including Microsoft disallow login page loading on an iframe due to security reasons. Suggestion: let auth flow in a popup window, and also enable some kind of way to pass obtained session in the popup down to parent window or parent iframe. Currently it requires to enable cross-site cookies, which is not great solution and will not work soon, when Chrome bans it. I created a thread in Stackoverflow, with more specific problem with MS Teams app context, where things are running in an iframe: |
Beta Was this translation helpful? Give feedback.
-
Describe the bug
Unable to login with next-auth when the app is inside an iframe.
Steps to reproduce
Create a page with an iframe.
On inspection, noticed that the request is received in
[...nextauth].js
. However, theNextAuth
app doesn't seem to act upon it.Expected behavior
Should work as normal and I should be able to login.
Feedback
Beta Was this translation helpful? Give feedback.
All reactions