Description
I have two or more Next.js applications which are deployed independently. They provide different services to users, and live under different subdomains, e.g. `login.mywebapp.com` and `people.mywebapp.com`. For the user this is a single web application with a single session.

I'd like for the "login" web application to implement the nextjs-auth0 APIs, and have the other applications make use of nextjs-auth0 frontend helpers without needing to implement the APIs as well. The other applications should use the APIs under the "login" sub domain.

I can almost make this work by

- `NEXT_PUBLIC_AUTH0_LOGIN` and `NEXT_PUBLIC_AUTH0_PROFILE` in all web apps
- `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials` in the API handler in the login web app.
- `.mywebapp.com` so that it is shared across sub domains.

But the cookie is not sent with the request to `https://login.mywebapp.com/api/auth/me`, returning an "unauthorised" response.

This PR makes it possible to send the auth cookie across sub domains by setting the `{ credentials: 'include' }` option in the `checkSession()` fetch call.

Testing
Set the environment variable `NEXT_PUBLIC_AUTH0_PROFILE` to a different URL, and add any cookie to that domain. Upon loading the page a request will be sent to `https://login.mywebapp.com/api/auth/me` with the cookie sent on the request.

This change adds test coverage for new/changed/fixed functionality
Checklist
main
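
For the server side of the setup described above (the `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials` headers on the login app's API handler), here is an added example, not code from this PR or from nextjs-auth0, of answering credentialed cross-origin requests from an exact-origin allowlist instead of reflecting whatever `Origin` arrives. The names `ALLOWED_ORIGINS`, `corsHeadersFor` and `withCredentialedCors` are hypothetical, and the handler shape `(req, res)` is assumed to be a Next.js API route.

```javascript
// Added example; all names here are hypothetical, not part of nextjs-auth0.
// Exact origins of the sibling apps allowed to call the login app's API
// with cookies (the client side sends fetch(url, { credentials: 'include' })).
const ALLOWED_ORIGINS = new Set(['https://people.mywebapp.com']);

// Return CORS headers for a credentialed request, or null when the
// Origin is missing or not on the allowlist. Matching is exact, so
// look-alike hosts such as people.mywebapp.com.other.example fail.
function corsHeadersFor(origin, allowed = ALLOWED_ORIGINS) {
  if (typeof origin !== 'string' || !allowed.has(origin)) return null;
  return {
    // Browsers reject "*" on credentialed requests, so the exact
    // allowlisted origin is echoed back.
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    // Keep shared caches from serving one origin's response to another.
    'Vary': 'Origin',
  };
}

// Wrap a Next.js-style API handler (req, res) with the allowlist check.
function withCredentialedCors(handler, allowed = ALLOWED_ORIGINS) {
  return (req, res) => {
    const headers = corsHeadersFor(req.headers.origin, allowed);
    if (headers) {
      for (const [name, value] of Object.entries(headers)) {
        res.setHeader(name, value);
      }
    }
    if (req.method === 'OPTIONS') {
      // Preflight is answered here and never reaches the handler.
      res.statusCode = headers ? 204 : 403;
      return res.end();
    }
    // Same-origin calls (no Origin header) and allowlisted origins reach
    // the handler; other origins get a response with no CORS headers,
    // which the browser will not expose to the calling page.
    return handler(req, res);
  };
}
```
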