fix(next): returns correct status for signing in with redirect: false for route handler
#8775
+13
−12
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
2 Ignored Deployments
|
github-actions
bot
added
the
legacy
|
🎉 Experimental release published 📦️ on npm! pnpm add next-auth@0.0.0-pr.8775.a98a849eyarn add next-auth@0.0.0-pr.8775.a98a849enpm i next-auth@0.0.0-pr.8775.a98a849e |
balazsorban44
approved these changes
Oct 2, 2023
ThangHuuVu
deleted the
fix/credential-provider-redirect-false-route-handler
branch
This was referenced Oct 2, 2023
CredentialsProvider authorize function returns status 200 and response ok when Error is thrown
#7725
Closed
ThangHuuVu
added a commit
that referenced
this pull request
Oct 2, 2023
3 tasks
|
@balazsorban44 Really apologize for my tone in #7725 . I can't really begin to appreciate the work you have done for the community. Hundreds of thousands of developers are powering their apps with this awesome package. I never intended to disregard or disrespect you. Thank you so much for all the hard work you are putting into it. |
balazsorban44
pushed a commit
that referenced
this pull request
Oct 3, 2023
|
@umair-mirza probably wasn't intentional on your side, no worries. What I tried to clarify in #7725 (comment) is how this is a very widespread issue in OSS, sometimes it's hard to see the people on the other side. Appreciate your words! 🙏 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
☕️ Reasoning
When signing in with
next-auth/reactsignIn()function withredirect: false, the status is not correctly set in the response. There are two cases that this bug will return 200 OK instead of the expected status:authorizefunction returns false or throws an error. Expected status: 401signIncallback returns false. Expected status: 403Basically, the bug appears every time we return
statusandredirectat the same time for onereturnstatement inpackages/next-auth/src/core/routes/callback.ts.Note that this bug only affects Route Handler. For API Route, we calls
res: NextApiResponseinstead of returning a newResponseobject.🧢 Checklist
🎫 Affected issues
Please scout and link issues that might be solved by this PR.
Fixes: #7638, fixes #7725, fixes #8340
📌 Resources