Auth verification error not handled as expected #58

Open
atej opened this issue Jan 30, 2024 · 3 comments

atej commented Jan 30, 2024

Set up with an Email provider. Sign in via magic link works.

The problem arises when you click on a magic link that was previously used. Expected behaviour is redirection to the error page with the search param ?error=Verification.

However, it leads to a TypeError: immutable.

The erring line:

res.headers.delete('Set-Cookie')

This, I suspect, is because the headers guard is set to immutable. More here

So, a work-around:

// ...
try {
  res.headers.delete('Set-Cookie')
} catch(error) {
  if (error instanceof TypeError) {
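    // Copy into a fresh Headers object, which can be modified
    const mutableHeaders = new Headers(res.headers)
    mutableHeaders.delete('Set-Cookie')
    // No status is passed here, so this Response defaults to 200
    return new Response(res.body, {
      headers: mutableHeaders
    })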
  }
}
// ...

This avoids the crash, but still no redirection to the error page, simply a 200 response.

I do see the error being logged though:

[auth][error] Verification: Read more at https://errors.authjs.dev#verification
    at Module.callback (file:///Users/aseem/Sites/astro-xata-vercel/node_modules/@auth/core/lib/actions/callback/index.js:126:23)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async AuthInternal (file:///Users/aseem/Sites/astro-xata-vercel/node_modules/@auth/core/lib/index.js:27:24)
    at async Module.Auth (file:///Users/aseem/Sites/astro-xata-vercel/node_modules/@auth/core/index.js:104:29)
    at async eval (/Users/aseem/Sites/astro-xata-vercel/node_modules/auth-astro/server.ts:25:17)
    at async Module.GET (/Users/aseem/Sites/astro-xata-vercel/node_modules/auth-astro/server.ts:55:14)
    at async renderEndpoint (file:///Users/aseem/Sites/astro-xata-vercel/node_modules/astro/dist/runtime/server/endpoint.js:25:20)
    at async file:///Users/aseem/Sites/astro-xata-vercel/node_modules/astro/dist/core/endpoint/index.js:121:14
    at async callMiddleware (file:///Users/aseem/Sites/astro-xata-vercel/node_modules/astro/dist/core/middleware/callMiddleware.js:12:10)
    at async callEndpoint (file:///Users/aseem/Sites/astro-xata-vercel/node_modules/astro/dist/core/endpoint/index.js:120:16)
13:28:47 [200] /api/auth/callback/resend 1008ms

atej commented Jan 30, 2024

This is my current patch:

// ...
try {
  res.headers.delete('Set-Cookie')
} catch(error) {
  if (error instanceof TypeError) {
    return redirect(prefix + '/error?error=Verification', 303)
  }
  return redirect(prefix + '/error?error=Default', 303)
}
//...
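
The effect of rebuilding a response whose headers are immutable, as an added example that is not part of the original comments or of auth-astro. `withoutSetCookie`, `rebuildDroppingStatus`, `demo` and the `app.example` URL are hypothetical, and using `Response.redirect()` to obtain immutable headers is an assumption about how such a response might arise; it needs a runtime with the Fetch API globals (for example Node 18+).

```javascript
// Added example: names and URLs below are constructed, not from auth-astro.
const ERROR_URL = 'https://app.example/api/auth/error?error=Verification'

// Returns a response equivalent to `res` but without Set-Cookie.
// Works for mutable headers and for headers whose guard is "immutable".
function withoutSetCookie(res) {
  try {
    res.headers.delete('Set-Cookie')
    return res
  } catch (error) {
    if (!(error instanceof TypeError)) throw error
    // A fresh Headers object has guard "none", so it can be edited.
    const headers = new Headers(res.headers)
    headers.delete('Set-Cookie')
    // Carry status and statusText over; omitting them yields 200.
    return new Response(res.body, {
      status: res.status,
      statusText: res.statusText,
      headers,
    })
  }
}

// The same rebuild without `status`, to show the 200 symptom.
function rebuildDroppingStatus(res) {
  const headers = new Headers(res.headers)
  headers.delete('Set-Cookie')
  return new Response(res.body, { headers })
}

// Response.redirect() is one standard way to get immutable headers.
function demo() {
  const fixed = withoutSetCookie(Response.redirect(ERROR_URL, 302))
  const dropped = rebuildDroppingStatus(Response.redirect(ERROR_URL, 302))
  return {
    fixedStatus: fixed.status,
    fixedLocation: fixed.headers.get('Location'),
    droppedStatus: dropped.status,
  }
}

console.log(demo())
```

With the status carried over, the redirect to the error page survives the header copy and no session cookie is sent on the failed verification.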

@taciturnaxolotl
Contributor

I just encountered this issue as well with the Slack integration.

@taciturnaxolotl
Contributor

I was able to fix this issue by adding checks: ["pkce", "nonce"] to the Slack config in the auth.config.mjs file.
