- @auth0/nextjs-auth0 1.3.1
- next 10.2.2
The problem that I am having is that my call to login.js also automatically triggers a call to /api/auth/me. Given that the user has not logged in yet, this call to /api/auth/me returns 401 Unauthorised. That is correct, but it seems to me that this call shouldn’t be made in the first place. I am worried that my setup is not correct.
I was using an earlier version of nextjs-auth0 so I had already created files for login.js, logout.js, callback.js and me.js.
// /pages/api/login.js
import auth0 from '../../utils/auth0'
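/**
 * Next.js API route that starts the Auth0 login flow.
 *
 * Delegates to `auth0.handleLogin` and asks it to send the user to
 * `/Dashboard` afterwards. If the handler throws, the error is logged on the
 * server and the client receives the status code with a generic body.
 *
 * @param {object} req - Incoming API request.
 * @param {object} res - API response.
 * @returns {Promise<void>}
 */
export default async function login(req, res) {
  try {
    // returnTo is a fixed relative path; it is never read from the request.
    await auth0.handleLogin(req, res, { returnTo: '/Dashboard' });
  } catch (error) {
    // Full error detail stays in the server log.
    console.error(error);
    // Do not echo error.message to the client: this route is reachable
    // before authentication, and the message may carry internal detail or
    // request-derived text that a browser could render.
    res.status(error.status || 500).end('Login failed');
  }
}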
// /utils/auth0.js
import { initAuth0 } from '@auth0/nextjs-auth0'
import getConfig from 'next/config'
// Every tenant setting and secret is read from Next.js serverRuntimeConfig,
// so none of the values below are written into this module.
const serverEnv = getConfig().serverRuntimeConfig;

// Session lifetimes below are expressed as multiples of one day, in seconds.
const ONE_DAY_SECONDS = 60 * 60 * 24;

const auth0Options = {
  baseURL: serverEnv.AUTH0_BASE_URL,
  issuerBaseURL: serverEnv.AUTH0_ISSUER_BASE_URL,
  clientID: serverEnv.AUTH0_CLIENT_ID,
  clientSecret: serverEnv.AUTH0_CLIENT_SECRET,
  // Protects the session cookie; should be a long random value that is
  // never committed to source control.
  secret: serverEnv.AUTH0_SESSION_COOKIE_SECRET,
  clockTolerance: 60,
  httpTimeout: 5000,
  authorizationParams: {
    scope: 'openid profile email',
    // Asks the authorization server to show the login prompt each time.
    prompt: 'login',
  },
  routes: {
    // Points at the pre-existing /api/callback route. The callback URL
    // allowed in the Auth0 application settings has to match this path.
    callback: '/api/callback',
    postLogoutRedirect: serverEnv.AUTH0_POST_LOGOUT_REDIRECT_URI,
  },
  session: {
    // A session lapses after one day without activity ...
    rollingDuration: ONE_DAY_SECONDS,
    // ... and after seven days regardless of activity.
    absoluteDuration: ONE_DAY_SECONDS * 7,
  },
};

export default initAuth0(auth0Options);
Upgrading to v1.3.1 meant that I needed to add the following dynamic API route handler:
// /pages/api/auth/[...auth0].js
import auth0 from '../../../utils/auth0'
// handleAuth() returns the handler for this catch-all route. As described in
// the post, it serves /api/auth/login, /api/auth/callback, /api/auth/logout
// and /api/auth/me. A 401 from /api/auth/me is the expected answer when the
// request carries no session.
const authRoutes = auth0.handleAuth();

export default authRoutes;
That creates the following URLs: /api/auth/login, /api/auth/callback, /api/auth/logout and /api/auth/me.
So to reiterate, it all seems to work, except that my call to /api/login (my pre-existing file and not the auto-generated /api/auth/login) also causes a call to /api/auth/me. This call fails with a 401 as the user hasn’t logged in yet - so no me to return. Can I prevent this call to /api/auth/me?
Thanks.