-
-
Notifications
You must be signed in to change notification settings - Fork 168
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
defaultProvider
does not work with Custom OAuth
#928
Comments
Could you please check that your CSRF token is verified? Sadly, I can't provide much other help as I don't have enough context and haven't set up custom providers with |
How do I check the CSRF token? I'm not really familiar with |
Hi I also have been dealing with this issue. I have a Duende Identity provider and usually to replicate this, you add the globalAppMiddleware to true and to access a protected site with clear cookies/site data. I tried to investigate this since I am using a middleware of my own that basically just calls the In the const fetchSignIn = () => _fetch(nuxt, `/${action}/${provider}`, {
method: "post",
params: authorizationParams,
headers,
body
}).catch((error2) => error2.data);
const data = await callWithNuxt(nuxt, fetchSignIn); Returns a url with the csrf being true cause the header did not contain
Further investigation for this since i littered signIn function in
As opposed to having a csrf token in place
I wonder if this helps, at this time, I think im just going to put the globalAppMiddleware to false and put per page signIn which is annoying Edit: 2024-10-23 I would like to add my middleware that I am using, it may help to debug whatever is going here with CSRF stuff export default defineNuxtRouteMiddleware((to, from) => {
const config = useRuntimeConfig()
const { status, signIn } = useAuth();
const basePath = config.public.FRONTEND_PRIMARY_BASE_URL;
const isAuthenticated = status.value === "authenticated";
// Return immediately if user is already authenticated
if (isAuthenticated) {
if (to.matched.length === 0 && (basePath as string) != undefined && (basePath as string) != null) {
let url = new URL(to.path, (basePath as string)).href;
return navigateTo(url, { redirectCode: 301, external: true });
}
return
}
return signIn('identityserver', { callbackUrl: to.path, redirect: true }) as ReturnType<typeof navigateTo>
}); |
Environment
Reproduction
https://github.com/tschni/sidebase-nuxt-auth-default-provider-issue
Describe the bug
I have set up a custom OAuth provider with Authjs. In
nuxt.config.ts
I have set this as defaultProvider and activated the globalAppMiddleware.Now I would have expected that when I opened the Nuxt app, I would automatically be redirected to the login page of my OAuth provider. This also fits with the following statement from the documentation: “Setting this here will also affect the global middleware behavior. For instance, when you set it to github and the user is unauthorized, they will be directly forwarded to the Github OAuth page instead of seeing the app-login page”.
However, there is a redirect to
/api/auth/signin
, where I first have to click a sign in button. Since I have only defined this one provider, I would of course like to skip this step and be redirected directly to the login page of my provider.There seems to have been the same error before, but without a helpful solution: #531
Additional context
No response
Logs
No response
The text was updated successfully, but these errors were encountered: