-
Notifications
You must be signed in to change notification settings - Fork 396
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Breaking change with local testing using V4 plugin #1846
Comments
Some additional information. When I setup a self-signed SSL certificate for local testing, it fails the discovery check in this method in the dependent library: https://github.com/panva/oauth4webapi/blob/d2085804c79783ec52feb391953f06d2461675be/src/index.ts#L1180 I was able to verify the URL it is trying to call does load from the |
Hey @bweber 👋 Thanks for the feedback here! The underlying library you mentioned no longer allows non-HTTPS requests as of v3 without passing a specific flag. In the upcoming release (linked above), you should be able to pass an import { Auth0Client } from "@auth0/nextjs-auth0/server"
export const auth0 = new Auth0Client({
allowInsecureRequests: true,
}) and specify an issuer with a protocol (e.g.: Hopefully this should help with developing locally against the mock OIDC server. |
The latest release ( |
The changes work when I am running using Is there a way we can remove these lines from the auth0-client: nextjs-auth0/src/server/auth-client.ts Lines 139 to 143 in 1e482a4
I removed them from the copy in my |
We'd like to make sure the setting is not unintentionally left enabled in production. We can change it to log a warning in the console instead of throwing an error to support the use case of running |
Yea, that would be good. If we can log a warning to ensure developers see it, that is how the underlying library you are using is also working by showing a warning about an insecure issuer. As long as we aren't throwing an error here, this will fix my issue for local testing. |
Sounds good, we'll get that fixed in the next release. Thanks for your feedback! |
Awesome, do you know when that may be? Any way we can cut a new release with the change? |
Hey @bweber 👋 The latest release ( |
@guabu Just verified this worked. Thank you again! |
Checklist
Description
We are currently using the npm package
oidc-provider
recommended here: https://github.com/auth0/nextjs-auth0/blob/main/TESTING.mdGiven that, with the change to the new
AUTH0_DOMAIN
, it throws an error if you prependhttp://
on the front of the domain saying it cannot contain a schema.This creates a breaking change for us as we need to disable
https
for local testing.The alternative is a way to disable SSL validation to support self-signed certificates for local development as it appears this is failing.
We do not want to do local development directly against Auth0 as we generate dummy user accounts for testing and don't want to share ClientID/Secrets amongst all of our developers.
Reproduction
oidc-provider
running on port 3001 using the following env variables:My
oidc-provider
configuration is as follows:The rest of the NextJS and Auth0 setup matches what is in the documentation in the Readme for V4.
Additional context
No response
nextjs-auth0 version
v4-beta10
Next.js version
15
Node.js version
22
The text was updated successfully, but these errors were encountered: