You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When trying to get the site up and running, using https://authjs.int/ with an Apache proxy, the site works fine to browse. However, upon signIn(), the provider gives the error The redirect URI 'http://authjs.int/api/auth/callback/microsoft-entra-id' specified in the request does not match the redirect URIs configured for the application. The issue is the 'http' in the attempted redirect URI vs 'https' that the site and the provider are configured to use.
When inspecting the site and browsing it, under Application -> Cookies, I have:
authjs.callback-url: http%3A%2F%2Fauthjs.int
authjs.csrf-token: (token string)
So it is passing around an http callback-url rather than the needed https.
The only changes to next-auth-example are:
Updating all packages to use next-auth 5.0.0-beta.18
Modifying the auth,ts to use microsoft-entra-id and trustHost: true
Modify auth-components.tsx to set the provider in await signIn('microsoft-entra-id') so it directs straight to the provider rather than having to click another signIn button (and avoid a csrf-token error).
I have tried multiple different things, like setting the AUTH_URL in the .env file, setting the X-Forwarded-Proto header in the site conf file, and most everything else I can think of. My main application is experiencing the same issue as the modified next-auth-example code so I have been able to reproduce it.
The text was updated successfully, but these errors were encountered:
ksorensen76
added
bug
Something isn't working
triage
Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.
labels
May 22, 2024
@ksorensen76 Seems like the basePath inside your auth config is configured incorrectly. Looking at your docker-compose file you are setting it to http://localhost:3000/auth but in your case it would need to be http://localhost:3000/api/auth as far as I can tell. On your production server you will also need to set it to the correct url with https.
@masterjanic I am not using the docker file (that is just a remnant from the next-auth-example codebase), just running npm run dev and then using Apache to forward from the test domain to http://localhost:3000. The problem is that it is sending the wrong protocol (http instead of https) in the redirect url sent to the provider.
@ksorensen76 Huh yeah thats weird. My guess would be that you still need to set an AUTH_URL to https://authjs.int/api/auth. Otherwise it got to be some problem with your Apache config, because the protocol / hostname can't be detected correctly.
I can't really help you there since I don't use Apache but reading the docs when using ProxyPassReverse it says:
Only the HTTP response headers specifically mentioned above will be rewritten. Apache httpd will not rewrite other response headers, nor will it by default rewrite URL references inside HTML pages. This means that if the proxied content contains absolute URL references, they will bypass the proxy.
@masterjanic Well, it looks like I still need AUTH_URL due to auth.js not detecting the proper protocol even with it being sent in the X-Forwarded-Proto header. It detects the URL properly, but not the protocol. Well, after trying your suggestion of adding in the AUTH_URL of https://authjs.int/api/auth, I got some [auth][warn][env-url-basepath-redundant] errors, so I removed the /api/auth and now it seems to be working.
I am almost positive that I had tried that before several times, but maybe something else was different. I will load up my actual codebase and see if that resolves the issue there as well.
Environment
Reproduction URL
https://github.com/ksorensen76/next-auth-example
Describe the issue
When trying to get the site up and running, using https://authjs.int/ with an Apache proxy, the site works fine to browse. However, upon signIn(), the provider gives the error
The redirect URI 'http://authjs.int/api/auth/callback/microsoft-entra-id' specified in the request does not match the redirect URIs configured for the application
. The issue is the 'http' in the attempted redirect URI vs 'https' that the site and the provider are configured to use.When inspecting the site and browsing it, under
Application -> Cookies
, I have:authjs.callback-url
: http%3A%2F%2Fauthjs.intauthjs.csrf-token
: (token string)So it is passing around an http callback-url rather than the needed https.
The only changes to
next-auth-example
are:next-auth 5.0.0-beta.18
auth,ts
to usemicrosoft-entra-id
andtrustHost: true
auth-components.tsx
to set the provider inawait signIn('microsoft-entra-id')
so it directs straight to the provider rather than having to click another signIn button (and avoid a csrf-token error).Other than that,
.env.local
looks like this:Apache site conf looks like this:
I have tried multiple different things, like setting the
AUTH_URL
in the .env file, setting theX-Forwarded-Proto
header in the site conf file, and most everything else I can think of. My main application is experiencing the same issue as the modifiednext-auth-example
code so I have been able to reproduce it.How to reproduce
Navigate the site, click the 'Sign In' button,
Expected behavior
After sign in, it should redirect back to https://authjs.int/.
The text was updated successfully, but these errors were encountered: