@auth0/nextjs-auth0 calling me prior to login

  • @auth0/nextjs-auth0
  • 1.3.1
  • next 10.2.2

The problem that I am having is that my call to login.js is also automatically calling /api/auth/me. Given that the user has not logged in yet this call to /api/auth/me returns 401 Unauthorised. Which is correct but it seems to me that this call shouldn’t be being made in the first place. I am worried that my setup is not correct.

I was using an earlier version of nextjs-auth0 so I had already created files for login.js, logout.js, callback.js and me.js.

// /pages/api/login.js
import auth0 from '../../utils/auth0'

export default async function login(req, res) {
  try {
    await auth0.handleLogin(req, res, {
      returnTo: '/Dashboard'
  } catch (error) {
    res.status(error.status || 500).end(error.message);

// /utils/auth0.js
import { initAuth0 } from '@auth0/nextjs-auth0'
import getConfig from 'next/config'
const { serverRuntimeConfig } = getConfig()

export default initAuth0({
  baseURL: serverRuntimeConfig.AUTH0_BASE_URL,
  issuerBaseURL: serverRuntimeConfig.AUTH0_ISSUER_BASE_URL,
  clientID: serverRuntimeConfig.AUTH0_CLIENT_ID,
  clientSecret: serverRuntimeConfig.AUTH0_CLIENT_SECRET,
  secret: serverRuntimeConfig.AUTH0_SESSION_COOKIE_SECRET,
  clockTolerance: 60,
  httpTimeout: 5000,
  authorizationParams: {
    scope: 'openid profile email',
    prompt: 'login'
  routes: {
    callback: '/api/callback',
    postLogoutRedirect: serverRuntimeConfig.AUTH0_POST_LOGOUT_REDIRECT_URI
  session: {
    rollingDuration: 60 * 60 * 24,
    absoluteDuration: 60 * 60 * 24 * 7

Upgrading to v1.3.1 meant that I needed to add the following dynamic API route handler:

// /pages/api/auth/[...auth0].js
import auth0 from '../../../utils/auth0'

export default auth0.handleAuth()

that creates the following urls: /api/auth/login , /api/auth/callback , /api/auth/logout and /api/auth/me .

So to reiterate, it all seems to work, except that my call to /api/login (my pre-existing file and not the auto-generated /api/auth/login) also causes a call to /api/auth/me. This call fails with a 401 as the user hasn’t logged in yet - so no me to return. Can I prevent this call to /api/auth/me?


1 Like

I have the same issue with the same setup.
Did you found out what was the issue by chance?

Hey there!

I think the best way to handle that would be to raise it as a GitHub issue in the repo so we can talk about it directly with the repo maintainers. Thank you!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.