2023年6月18日 20:57:08go评论107阅读模式

英文:

NextAuth with Wildcard / Custom Domains

问题

我有一个NextJS应用程序。它是一个多租户SaaS应用程序。

该应用程序为每个客户提供了在我们的网站上使用子域或通过CNAME映射其自定义域的选项。

我想允许我们的客户允许他们的员工在其子域站点或自定义域上登录。

export const authOptions: NextAuthOptions = {
  // 配置一个或多个身份验证提供程序
  providers: [
     电子邮件提供程序
    // ...在这里添加更多提供程序
  ],
  pages: {
    signIn: `/login`,
    verifyRequest: `/verify`,
  },
  adapter: PrismaAdapter(prisma),
  cookies: {
    sessionToken: {
      name: 'next-auth.session-token',
      options: {
        httpOnly: true,
        sameSite: 'lax',
        path: '/',
        domain: process.env.NODE_ENV === 'production' ? '.mysaas.com' : undefined,
        secure: process.env.NODE_ENV && process.env.NODE_ENV === 'production' ? true : false
      }
    },
    callbackUrl: {
      name: 'next-auth.callback-url',
      options: {
        sameSite: 'lax',
        path: '/',
        domain: process.env.NODE_ENV === 'production' ? '.mysaas.com' : undefined,
        secure: process.env.NODE_ENV && process.env.NODE_ENV === 'production' ? true : false
      }
    },
    csrfToken: {
      name: 'next-auth.csrf-token',
      options: {
        sameSite: 'lax',
        path: '/',
        domain: process.env.NODE_ENV === 'production' ? '.mysaas.com' : undefined,
        secure: process.env.NODE_ENV && process.env.NODE_ENV === 'production' ? true : false
      }
    }
  }  
}
export default NextAuth(authOptions)

通过上面的 [...nextauth] 文件，我能够使其在子域上运行，因为我在域cookie中使用了 '.mysaas.com'。

但是，将自定义域映射到子域时不起作用？我该如何实现这一点？

如果我可以动态设置cookie域，以便可以将域动态设置为实际域，那么它将起作用。就像不是.mysaas.com，而是.mycustomdomain.com，如果从这个自定义域调用登录页面，那么问题就解决了。

然而，我找不到一种动态设置此cookie域的方法。任何帮助将不胜感激。

英文:

I have a NextJS application. It's a multi-tenant SaaS application.

The app provides each customer with the option to use a subdomain on our site or to map their custom domain vis CNAME.

I want to allow our customers to allow their employees to login on their subdomain site or custom domain.

export const authOptions: NextAuthOptions = {
// Configure one or more authentication providers
providers: [
EMAIL PROVIDER
// ...add more providers here
],
pages: {
signIn: `/login`,
verifyRequest: `/verify`,
},
adapter: PrismaAdapter(prisma),
callbacks: {
},
cookies: {
sessionToken: {
name: &#39;next-auth.session-token&#39;,
options: {
httpOnly: true,
sameSite: &#39;lax&#39;,
path: &#39;/&#39;,
domain: process.env.NODE_ENV === &#39;production&#39; ? &#39;.mysaas.com&#39; : undefined,
secure: process.env.NODE_ENV &amp;&amp; process.env.NODE_ENV === &#39;production&#39; ? true : false
}
},
callbackUrl: {
name: &#39;next-auth.callback-url&#39;,
options: {
sameSite: &#39;lax&#39;,
path: &#39;/&#39;,
domain: process.env.NODE_ENV === &#39;production&#39; ? &#39;.mysaas.com&#39; : undefined,
secure: process.env.NODE_ENV &amp;&amp; process.env.NODE_ENV === &#39;production&#39; ? true : false
}
},
csrfToken: {
name: &#39;next-auth.csrf-token&#39;,
options: {
sameSite: &#39;lax&#39;,
path: &#39;/&#39;,
domain: process.env.NODE_ENV === &#39;production&#39; ? &#39;.mysaas.com&#39; : undefined,
secure: process.env.NODE_ENV &amp;&amp; process.env.NODE_ENV === &#39;production&#39; ? true : false
}
}
}  
}
export default NextAuth(authOptions)

With the above [...nextauth] file, I'm able to make it work with subdomains as I'm using '.mysaas.com' for domain cookie.

However, it doesn't work with a custom domain mapped to a subdomain? How can I achieve that?

If I can set the cookie domain dynamically so that I can dynamically set the domain to the actual domain, then it will work. Like instead of .mysaas.com, if I could set it to .mycustomdomain.com, if the login page is called from this custom domain, then the problem gets resolved.

However, I cannot find a way to set this cookie domain dynamically. Any help is appreciated.

答案1

得分: 1

由于NextAuth默认使用当前域名，因此完全删除NextAuth配置中的domain属性应该就可以解决问题。

英文:

Since NextAuth is using current domain by default, completely removing the domain prop from your NextAuth config should do the trick.

答案2

得分: 0

根据您的要求，您需要在配置中允许从子域和自定义域登录。这可以通过修改“cookie”部分轻松完成。

export const authOptions: NextAuthOptions = {
  // 配置一个或多个身份验证提供者
  providers: [
    // 电子邮件提供者
    // ...在这里添加更多提供者
  ],
  pages: {
    signIn: `/login`,
    verifyRequest: `/verify`,
  },
  adapter: PrismaAdapter(prisma),
  callbacks: {
    session: async (session, user) => {
      // 根据传入的请求设置会话的域
      session.domain = session?.cookies?.nextauth_url
        ? new URL(session.cookies.nextauth_url).hostname
        : undefined;
      return Promise.resolve(session);
    },
  },
  cookies: {
    sessionToken: {
      name: 'next-auth.session-token',
      options: {
        httpOnly: true,
        sameSite: 'lax',
        path: '/',
        secure: process.env.NODE_ENV && process.env.NODE_ENV === 'production' ? true : false,
      },
    },
    callbackUrl: {
      name: 'next-auth.callback-url',
      options: {
        sameSite: 'lax',
        path: '/',
        secure: process.env.NODE_ENV && process.env.NODE_ENV === 'production' ? true : false,
      },
    },
    csrfToken: {
      name: 'next-auth.csrf-token',
      options: {
        sameSite: 'lax',
        path: '/',
        secure: process.env.NODE_ENV && process.env.NODE_ENV === 'production' ? true : false,
      },
    },
  },
};
export default NextAuth(authOptions);

如果您需要帮助，请告诉我。

英文:

As per your requirement you have to allow login from both subdomain and your custom domain in your configuration. This can be easily done by modifying cookie section.

export const authOptions: NextAuthOptions = {
// Configure one or more authentication providers
providers: [
// EMAIL PROVIDER
// ...add more providers here
],
pages: {
signIn: `/login`,
verifyRequest: `/verify`,
},
adapter: PrismaAdapter(prisma),
callbacks: {
session: async (session, user) =&gt; {
// Set the session&#39;s domain based on the incoming request
session.domain = session?.cookies?.nextauth_url
? new URL(session.cookies.nextauth_url).hostname
: undefined;
return Promise.resolve(session);
},
},
cookies: {
sessionToken: {
name: &#39;next-auth.session-token&#39;,
options: {
httpOnly: true,
sameSite: &#39;lax&#39;,
path: &#39;/&#39;,
secure: process.env.NODE_ENV &amp;&amp; process.env.NODE_ENV === &#39;production&#39; ? true : false,
},
},
callbackUrl: {
name: &#39;next-auth.callback-url&#39;,
options: {
sameSite: &#39;lax&#39;,
path: &#39;/&#39;,
secure: process.env.NODE_ENV &amp;&amp; process.env.NODE_ENV === &#39;production&#39; ? true : false,
},
},
csrfToken: {
name: &#39;next-auth.csrf-token&#39;,
options: {
sameSite: &#39;lax&#39;,
path: &#39;/&#39;,
secure: process.env.NODE_ENV &amp;&amp; process.env.NODE_ENV === &#39;production&#39; ? true : false,
},
},
},
};
export default NextAuth(authOptions);

If you need help please let me know.

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

NextAuth 与通配符/自定义域名

问题

答案1

答案2

将消息发送到指定房间的Websocket – Golang Kataras/Iris

Pentaho kettle – 获取所有单词组合

Nodemon在discord.js上进行更改时不会重新启动

简单比较两个结构未知的对象的方法

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。