Document best practices for using nextjs-auth0 with a nextjs production build. #154

Closed
martaver opened this issue Aug 9, 2020 · 7 comments
Labels
bug Something isn't working

martaver commented Aug 9, 2020

Description

During a production build, nextjs creates optimised builds for each page. Naturally, these pages won't authenticate as there is no user, however auth0 will require configuration variables, such as AUTH0_DOMAIN, AUTH0_CLIENT and so on...

These are secrets that should be injected into the application at runtime, and it strikes me that they shouldn't be necessary at build time and that would be bad practice.

Is there an official take on this?

invasionofsmallcubes commented Aug 14, 2020

You know, I actually had the same doubt when I read the tutorial. Seems weird, right?
I was thinking of trying a build passing the variables from the environment, but it's not clear if it will work at runtime on Vercel.

@jordie23

It's because in the example the initAuth0 function is executed as soon as the file is imported.

i.e. this is generally used in the examples:

```js
import { initAuth0 } from '@auth0/nextjs-auth0';

// initAuth0 runs as soon as this module is imported, including during the build
export default initAuth0({
  domain: '<AUTH0_DOMAIN>',
  clientId: '<AUTH0_CLIENT_ID>',
  clientSecret: '<AUTH0_CLIENT_SECRET>',
  audience: 'https://api.mycompany.com/',
  scope: 'openid profile',
  redirectUri: 'http://localhost:3000/api/callback',
  postLogoutRedirectUri: 'http://localhost:3000/',
  session: {
    cookieSecret: '<RANDOMLY_GENERATED_SECRET>',
    cookieLifetime: 60 * 60 * 8,
    cookieDomain: 'https://mycompany.com',
    storeAccessToken: true
  }
});
```

I changed it to:

```js
import { initAuth0 } from '@auth0/nextjs-auth0'

// Cached instance, created on the first call rather than at import time
let auth0 = null

export default () => {
  if (!auth0) {
    auth0 = initAuth0({
      domain: '<AUTH0_DOMAIN>',
      clientId: '<AUTH0_CLIENT_ID>',
      clientSecret: '<AUTH0_CLIENT_SECRET>',
      audience: 'https://api.mycompany.com/',
      scope: 'openid profile',
      redirectUri: 'http://localhost:3000/api/callback',
      postLogoutRedirectUri: 'http://localhost:3000/',
      session: {
        cookieSecret: '<RANDOMLY_GENERATED_SECRET>',
        cookieLifetime: 60 * 60 * 8,
        cookieDomain: 'https://mycompany.com',
        storeAccessToken: true
      }
    });
  }
  return auth0
}
```

Then when you import it, e.g.

```js
import auth0 from '../../../lib/auth0'
```

you will need to call it like:

```js
auth0().handleCallback(req, res, { redirectTo: '/' })
```

This means it'll only be executed when the code is run and not at build time.
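
The lazy-initialization pattern from the comment above, as an added example that is not part of the original thread or the nextjs-auth0 code base: secrets are read from the environment on first use, a missing variable is reported by name only, and the instance is cached. `fakeInitAuth0` is a hypothetical stand-in for the SDK's `initAuth0`, and the variable name `SESSION_COOKIE_SECRET` and all sample values are assumptions.

```javascript
// Hypothetical stand-in for the SDK's initAuth0 so the example runs without the package.
let initCalls = 0;
function fakeInitAuth0(config) {
  initCalls += 1;
  return { config };
}

// Variable names are assumptions based on the placeholders used in the thread.
const REQUIRED = ['AUTH0_DOMAIN', 'AUTH0_CLIENT_ID', 'AUTH0_CLIENT_SECRET', 'SESSION_COOKIE_SECRET'];

// Build the config from an env object; the error lists missing names, never values.
function configFromEnv(env) {
  const missing = REQUIRED.filter((name) => !env[name]);
  if (missing.length > 0) {
    throw new Error('Missing required environment variables: ' + missing.join(', '));
  }
  return {
    domain: env.AUTH0_DOMAIN,
    clientId: env.AUTH0_CLIENT_ID,
    clientSecret: env.AUTH0_CLIENT_SECRET,
    session: { cookieSecret: env.SESSION_COOKIE_SECRET, cookieLifetime: 60 * 60 * 8 },
  };
}

// Returns a getter that creates the instance on the first call and caches it.
// Nothing is read from `env` when the module is imported, i.e. during the build.
// A failed first call leaves the cache empty, so a later call retries.
function lazyAuth0(init, env = process.env) {
  let instance = null;
  return () => {
    if (instance === null) {
      instance = init(configFromEnv(env));
    }
    return instance;
  };
}

// Constructed sample environments.
const buildEnv = {}; // build step: no secrets injected
const runtimeEnv = {
  AUTH0_DOMAIN: 'tenant.example.com',
  AUTH0_CLIENT_ID: 'constructed-client-id',
  AUTH0_CLIENT_SECRET: 'constructed-client-secret',
  SESSION_COOKIE_SECRET: 'constructed-cookie-secret-at-least-32-chars',
};

const auth0AtBuild = lazyAuth0(fakeInitAuth0, buildEnv); // safe: env not touched yet
const auth0AtRuntime = lazyAuth0(fakeInitAuth0, runtimeEnv);
```

In an API route the getter is called inside the handler, as in the `auth0().handleCallback(...)` call above, so the build never needs the secrets.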

@Widcket Widcket added the needs investigation This needs to be investigated further before proceeding label Jan 16, 2021
@adamjmcgrath
Contributor

Hi @martaver - the new Beta uses named exports which lazily create an instance at runtime and therefore shouldn't need the environment variables at build time.

I recommend you check out the Beta here https://github.com/auth0/nextjs-auth0/tree/beta

There's currently an issue with one of the named exports using env vars at build time, so I'll leave this issue open while we fix that.

@adamjmcgrath adamjmcgrath added bug Something isn't working and removed needs investigation This needs to be investigated further before proceeding labels Jan 20, 2021
@martaver
Author

That's great news! Thanks very much for looking into it!

@Widcket
Contributor

Widcket commented Jan 26, 2021

Fixed by #255.

@StianOvrevage

Leaving a note here as well. Will the fix implemented in beta soon be merged into main branch?

@Widcket
Contributor

Widcket commented Jun 17, 2021

Hi @StianOvrevage, that is already on the main branch. That beta reached GA a few months ago.
