You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The issue is that when I'm trying to use the secure: true on the production(soo !IS_DEV) for all of the secure mentions through the code. Then it works correctly on the localhost, but as soon as we deploy it on the production, it stops working with an error
It cannot send secure cookies over an unencrypted connection.
The Azure-ad works fine, but the custom credentials flow doesn't. It has to be because of the new Cookies() and the setting of the cookies. The page is deployed with https and everything else works. I think that if there was something bad with the SSL connection, then it would not work for Azure-ad as well.
Any ideas why this happens, or how we can debug it?
How to reproduce
Not really reproducible, the codebase that would be needed to reproduce this would be relatively big. Especially because we have our own rest adapter which is communicating with our back end.
Expected behavior
Secure cookies should be set for credentials flow as well, on the production. On the localhost it works fine.
Of course in the moment when the secure is true, not false as it is hardcoded in the code I provided.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Environment
System:
OS: Windows 11 10.0.22631
CPU: (20) x64 12th Gen Intel(R) Core(TM) i7-12700H
Memory: 12.35 GB / 31.68 GB
Binaries:
Node: 20.10.0 - ~\AppData\Local\Volta\tools\image\node\20.10.0\node.EXE
Yarn: 4.1.1 - ~\AppData\Local\Volta\tools\image\yarn\4.1.1\bin\yarn.CMD
npm: 10.2.3 - ~\AppData\Local\Volta\tools\image\node\20.10.0\npm.CMD
Browsers:
Edge: Chromium (126.0.2592.68)
Internet Explorer: 11.0.22621.3527
npmPackages:
next: 14.1.0 => 14.1.0
next-auth: 4.24.5 => 4.24.5
react: 18.2.0 => 18.2.0
Reproduction URL
not really possible
Describe the issue
We have encountered a problem with nextAuth recently. We have an application where we have Azure-ad and custom credentials flow.
Azure-ad works as expected and we can normally log in with secure cookies as expected.
Problems come with the custom credentials flow we have. Here is the code of [...nextauth].ts and after that I'll explain the issue.
Untitled-1.zip
The issue is that when I'm trying to use the secure: true on the production(soo !IS_DEV) for all of the secure mentions through the code. Then it works correctly on the localhost, but as soon as we deploy it on the production, it stops working with an error
It cannot send secure cookies over an unencrypted connection.
The Azure-ad works fine, but the custom credentials flow doesn't. It has to be because of the new Cookies() and the setting of the cookies. The page is deployed with https and everything else works. I think that if there was something bad with the SSL connection, then it would not work for Azure-ad as well.
Any ideas why this happens, or how we can debug it?
How to reproduce
Not really reproducible, the codebase that would be needed to reproduce this would be relatively big. Especially because we have our own rest adapter which is communicating with our back end.
Expected behavior
Secure cookies should be set for credentials flow as well, on the production. On the localhost it works fine.
Of course in the moment when the secure is true, not false as it is hardcoded in the code I provided.
Beta Was this translation helpful? Give feedback.
All reactions