NextAuth with Wildcard / Custom Domains

Question

I have a NextJS application. It's a multi-tenant SaaS application.

The app provides each customer with the option to use a subdomain on our site or to map their custom domain via CNAME.

I want to allow our customers to allow their employees to log in on their subdomain site or custom domain.

export const authOptions: NextAuthOptions = {
  // Configure one or more authentication providers
  providers: [
    // EMAIL PROVIDER
    // ...add more providers here
  ],
  pages: {
    signIn: `/login`,
    verifyRequest: `/verify`,
  },
  adapter: PrismaAdapter(prisma),
  callbacks: {
  },
  cookies: {
    sessionToken: {
      name: 'next-auth.session-token',
      options: {
        httpOnly: true,
        sameSite: 'lax',
        path: '/',
        // Cookie is shared with every *.mysaas.com host in production
        domain: process.env.NODE_ENV === 'production' ? '.mysaas.com' : undefined,
        secure: process.env.NODE_ENV && process.env.NODE_ENV === 'production' ? true : false
      }
    },
    callbackUrl: {
      name: 'next-auth.callback-url',
      options: {
        sameSite: 'lax',
        path: '/',
        domain: process.env.NODE_ENV === 'production' ? '.mysaas.com' : undefined,
        secure: process.env.NODE_ENV && process.env.NODE_ENV === 'production' ? true : false
      }
    },
    csrfToken: {
      name: 'next-auth.csrf-token',
      options: {
        sameSite: 'lax',
        path: '/',
        domain: process.env.NODE_ENV === 'production' ? '.mysaas.com' : undefined,
        secure: process.env.NODE_ENV && process.env.NODE_ENV === 'production' ? true : false
      }
    }
  }
}

export default NextAuth(authOptions)

With the above [...nextauth] file, I'm able to make it work with subdomains as I'm using '.mysaas.com' for domain cookie.

However, it doesn't work with a custom domain mapped to a subdomain? How can I achieve that?

If I can set the cookie domain dynamically so that I can dynamically set the domain to the actual domain, then it will work. Like instead of .mysaas.com, if I could set it to .mycustomdomain.com, if the login page is called from this custom domain, then the problem gets resolved.

However, I cannot find a way to set this cookie domain dynamically. Any help is appreciated.

Answer 1

Score: 1

Since NextAuth uses the current domain by default, completely removing the domain prop from your NextAuth config should do the trick.
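
Why a fixed `.mysaas.com` cookie domain fails on a custom domain while omitting `domain` works, as an added example that is not part of the original answer: a simplified model of the RFC 6265 rules a browser applies to a cookie's Domain attribute. The tenant hostnames (`acme`, `globex`, `app`) are constructed, and public-suffix and IP-address handling is left out.

```javascript
// Simplified model of RFC 6265 cookie scoping (added example; hostnames constructed).
// Public-suffix and IP-address checks are omitted.

// Section 5.1.3: a host matches if it is identical, or ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// What a browser does with a Set-Cookie received from requestHost.
// Returns the stored cookie scope, or null when the cookie is rejected.
function storeCookie(requestHost, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie bound to the exact host.
    return { domain: requestHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, '').toLowerCase(); // leading dot is ignored
  if (!domainMatch(requestHost, domain)) return null; // Domain not covering the host: rejected
  return { domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for this host?
function sentTo(cookie, host) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatch(host, cookie.domain);
}

// Summarise one login: was the cookie stored, and which probe hosts receive it.
function scope(loginHost, domainAttr, probeHosts) {
  const cookie = storeCookie(loginHost, domainAttr);
  return {
    stored: cookie !== null,
    sentTo: probeHosts.filter((h) => sentTo(cookie, h)),
  };
}

const hosts = ['acme.mysaas.com', 'globex.mysaas.com', 'app.mycustomdomain.com'];
console.log(scope('acme.mysaas.com', '.mysaas.com', hosts));        // stored, shared by subdomains
console.log(scope('app.mycustomdomain.com', '.mysaas.com', hosts)); // rejected by the browser
console.log(scope('app.mycustomdomain.com', undefined, hosts));     // host-only, custom domain
console.log(scope('acme.mysaas.com', undefined, hosts));            // host-only, one tenant
```

With `Domain=.mysaas.com` the session cookie is also attached to requests for every other tenant subdomain; the host-only cookie stays on the host that set it, which keeps tenant sessions separated.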

Answer 2

Score: 0

As per your requirement, you have to allow login from both the subdomain and your custom domain in your configuration. This can be easily done by modifying the cookie section.

export const authOptions: NextAuthOptions = {
  // Configure one or more authentication providers
  providers: [
    // EMAIL PROVIDER
    // ...add more providers here
  ],
  pages: {
    signIn: `/login`,
    verifyRequest: `/verify`,
  },
  adapter: PrismaAdapter(prisma),
  callbacks: {
    session: async (session, user) => {
      // Set the session's domain based on the incoming request
      session.domain = session?.cookies?.nextauth_url
        ? new URL(session.cookies.nextauth_url).hostname
        : undefined;

      return Promise.resolve(session);
    },
  },
  cookies: {
    sessionToken: {
      name: 'next-auth.session-token',
      options: {
        httpOnly: true,
        sameSite: 'lax',
        path: '/',
        secure: process.env.NODE_ENV && process.env.NODE_ENV === 'production' ? true : false,
      },
    },
    callbackUrl: {
      name: 'next-auth.callback-url',
      options: {
        sameSite: 'lax',
        path: '/',
        secure: process.env.NODE_ENV && process.env.NODE_ENV === 'production' ? true : false,
      },
    },
    csrfToken: {
      name: 'next-auth.csrf-token',
      options: {
        sameSite: 'lax',
        path: '/',
        secure: process.env.NODE_ENV && process.env.NODE_ENV === 'production' ? true : false,
      },
    },
  },
};

export default NextAuth(authOptions);

If you need help please let me know.

huangapple
  • Published on June 18, 2023 at 20:57:08
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76500654.html