In Nextjs, baseURL need to be retrievable dynamically from 'next/headers'

gabor.ottlik.hun · May 27, 2024, 4:29pm

I want to retrieve the baseURL dynamically from nextjs new headers api.
My code looks like this:

import { initAuth0 } from '@auth0/nextjs-auth0';
import { headers } from 'next/headers';

function getSubdomain() {
	const host = headers()?.get('host');
	const [subdomain] = host?.split('.') || [];

	console.log('-- subdomain', subdomain);
	return subdomain || '*';
}

export default initAuth0({
	secret: process.env.AUTH0_SECRET,
	issuerBaseURL: process.env.AUTH0_ISSUER_BASE_URL,
	baseURL: `http://${getSubdomain()}.localhost:3001`,
	clientID: process.env.AUTH0_CLIENT_ID,
	clientSecret: process.env.AUTH0_CLIENT_SECRET,
});

The error I get is the following:
Error: headers was called outside a request scope. Read more: Dynamic API was called outside request | Next.js

Can you guys suggest a way where I can call headers() to define baseURL?

I need a dynamic way to set subdomains in the baseURL otherwise it would be to open with * and would result security issues.

daniel40392 · May 27, 2024, 8:55pm

Is this the same issue as not being able to access window.location or similar within a react component with NextJS? I managed to work around that previously by leveraging the use of the useEffect hook, which essentially waits for the client side aspect of NextJS to be available. Not sure if this may help you out.

gabor.ottlik.hun · May 30, 2024, 3:24pm

As /auth0 is placed in route.ts file it will always be a server component so won’t be able to access to the DOM API.
I’ve found this workaround helpful, in the meantime.

github.com/auth0/nextjs-auth0

Override AUTH0_BASE_URL during runtime

opened 04:21PM - 03 Dec 21 UTC

closed 09:45AM - 07 Dec 21 UTC

jnlsn

question

### Description I have a next.js app that services many organizations via wil…dcard domains like https://my-org.my-site.com, https://my-other-org.my-site.com. Using examples I found here in resolved GitHub issues, I was able to get the redirectUri working as expected. However, now I randomly run into issues with users getting a `checks.state argument is missing` error when they attempt to log in. According to [this thread](https://community.auth0.com/t/badrequesterror-checks-state-argument-is-missing/42609), the solution is to set AUTH0_BASE_URL to match the domain serving the app. Problem is I can't do that because the domain could be any of https://*.my-site.com. ### Reproduction Custom `[...auth0].tsx` route ```typescript import { handleAuth, handleCallback, handleLogin, handleLogout, } from "@auth0/nextjs-auth0"; import type { NextApiRequest, NextApiResponse } from "next"; function getUrls(req: NextApiRequest): { redirectUri: string; returnTo: string; } { const protocol = process.env.NODE_ENV === "development" ? "http" : "https"; const host = req.headers.host; return { redirectUri: `${protocol}://${host}/api/auth/callback`, returnTo: `${protocol}://${host}`, }; } export default handleAuth({ async callback(req: NextApiRequest, res: NextApiResponse) { try { const { redirectUri } = getUrls(req); await handleCallback(req, res, { redirectUri: redirectUri }); } catch (error) { res.status(error.status || 500).end(error.message); } }, async login(req: NextApiRequest, res: NextApiResponse) { try { const { redirectUri, returnTo } = getUrls(req); await handleLogin(req, res, { authorizationParams: { redirect_uri: redirectUri, }, returnTo: returnTo, }); } catch (error) { res.status(error.status || 400).end(error.message); } }, async logout(req: NextApiRequest, res: NextApiResponse) { const { returnTo } = getUrls(req); await handleLogout(req, res, { returnTo: returnTo, }); }, }); ``` ### Environment - Next.js 11.1.2 - @auth0/nextjs-auth0 1.6.1

But my example above really should work.