Invalid path used for auth-endpoint

[agracia-foticos]

Environment

                                                          nuxi 9:54:13

Nuxt project info: nuxi 9:54:13

---

• Operating System: Linux
• Node Version: v18.19.1
• Nuxt Version: 3.14.1592
• CLI Version: 3.20.0
• Nitro Version: 2.10.4
• Package Manager: [email protected]
• Builder: -
• User Config: srcDir, devtools, ssr, modules, pwa, css, tailwindcss, extends, runtimeConfig, compatibilityDate
• Runtime Modules: @business/[email protected], @business/[email protected], @business/[email protected], [email protected], @pinia/[email protected], @vite-pwa/[email protected]
• Build Modules: -

---

👉 Report an issue: https://github.com/nuxt/nuxt/issues/new?template=bug-report.yml
👉 Suggest an improvement: https://github.com/nuxt/nuxt/discussions/new
👉 Read documentation: https://nuxt.com

Reproduction

Invalid path used for auth-endpoint. Supply either one path parameter (e.g., /api/auth/session) or two (e.g., /api/auth/signin/githubafter the base path (in previous examples base path was:/api/auth/. Received signin,signin,wso2``

With type oauth

id: 'wso2', type: 'oauth',

Produces http://localhost:3000/api/auth/signin/signin/wso2

Describe the bug

Invalid path used for auth-endpoint. Supply either one path parameter (e.g., /api/auth/session) or two (e.g., /api/auth/signin/githubafter the base path (in previous examples base path was:/api/auth/. Received signin,signin,wso2``

With type oauth

id: 'wso2', type: 'oauth',

Produces http://localhost:3000/api/auth/signin/signin/wso2

Additional context

No response

Logs

[phoenix-ru]

Hi @agracia-foticos , thank you for reporting such issues, I will take a look today as we want to get pathing stable and robust in 0.10.

Could you please specify which version of nuxt-auth are you using?

[agracia-foticos]

Hi @agracia-foticos , thank you for reporting such issues, I will take a look today as we want to get pathing stable and robust in 0.10.

Could you please specify which version of nuxt-auth are you using?

"@sidebase/nuxt-auth": "0.10.1-alpha.1",

[phoenix-ru]

Possibly same issue: #984 (comment)

[brucetony]

This looks very similar to the issues I encountered when testing 0.10.1-alpha.1 as I mentioned in #984

[patriciorivera]

same here. Using 0.10.1-alpha.1 and google

302 Invalid path used for auth-endpoint. Supply either one path parameter (e.g., /api/auth/session) or two (e.g., /api/auth/signin/github after the base path (in previous examples base path was: /api/auth/. Received callback,google,error

thanks a lot!

[phoenix-ru]

upd: Fixed in #992

After some investigation, I believe this is a bug of [email protected] which we are using under the hood. Their next version renamed host to origin which explains why our previous url.origin was working while url.href duplicates parts of the path: nextauthjs/next-auth@6edb6dd

It's impossible to fix from our side, but it's possible to use their own workaround of not passing host/origin altogether and using headers.host instead:
nextauthjs/next-auth@6edb6dd#diff-bdb80006ca8cdcac21aaed50b7882bbc7616cdcf5b693c9a40508dc3c06b4041

I am currently trying this, but that would mean #984 would need re-testing

[phoenix-ru]

@agracia-foticos @brucetony @nam0107 @patriciorivera Please test the version from the fix PR if it solves the problem for you

npm i https://pkg.pr.new/@sidebase/nuxt-auth@992

I left the explanation in the PR body and for me this fix seems to work.

We will release 0.10.1-alpha.2 if I get positive results from you 🙂

[patriciorivera]

@agracia-foticos @brucetony @nam0107 @patriciorivera Please test the version from the fix PR if it solves the problem for you

It works for me. Thank you very much @phoenix-ru for such a quick response to the situation.

[agracia-foticos]

@agracia-foticos @brucetony @nam0107 @patriciorivera Please test the version from the fix PR if it solves the problem for you

npm i https://pkg.pr.new/@sidebase/nuxt-auth@992

I left the explanation in the PR body and for me this fix seems to work.

We will release 0.10.1-alpha.2 if I get positive results from you 🙂

Works fine!!!! please release 0.10.1-alpha.2!!! Thanks @phoenix-ru !!!

[brucetony]

@agracia-foticos @brucetony @nam0107 @patriciorivera Please test the version from the fix PR if it solves the problem for you

npm i https://pkg.pr.new/@sidebase/nuxt-auth@992

I left the explanation in the PR body and for me this fix seems to work.

We will release 0.10.1-alpha.2 if I get positive results from you 🙂

Also worked for me, tested with both base config and with a custom base URL and the endpoints resolved as expected, thanks for the quick patch!

[phoenix-ru]

FYI: Recent changes actually uncovered a lot more issues with the pathing for authjs. Some pretty serious ones, such as #973 which hit some edge-cases of Nuxt itself (i.e. of their $fetch implementation).
I am patching them and writing unit tests atm, we have to postpone merging the PR (and releasing a broken alpha.2)

[phoenix-ru]

You should be able to recheck the new PR version using the same command as above (or npm i https://pkg.pr.new/@sidebase/nuxt-auth@326781e to be sure)

[nam0107]

@phoenix-ru It works fine in my local without subpath, but when I deploy to my server, I used a subpath like /aax4 it seem has an issue about the url path

when I go to https://rpperf-gui.dev-vie.int.compax.at/aax4 without loged in, it redirect me to https://rpperf-gui.dev-vie.int.compax.at/aax4/aax4/api/auth/signin?callbackUrl=/

[UMA0626]

@phoenix-ru It works fine in my local without subpath, but when I deploy to my server, I used a subpath like /aax4 it seem has an issue about the url path

when I go to https://rpperf-gui.dev-vie.int.compax.at/aax4 without loged in, it redirect me to https://rpperf-gui.dev-vie.int.compax.at/aax4/aax4/api/auth/signin?callbackUrl=/

I was able to reproduce the same problem.
("@sidebase/nuxt-auth": "https://pkg.pr.new/@sidebase/nuxt-auth@326781e")
Adding defaultProvider: 'google' to auth.provider improved the situation.

[nam0107]

@UMA0626 but I don't use google as a provider, do you have any idea?

[phoenix-ru]

@phoenix-ru It works fine in my local without subpath, but when I deploy to my server, I used a subpath like /aax4 it seem has an issue about the url path

@nam0107 I need way more information from you to reproduce it. Could you please fork this repo and use playground-authjs for a reproduction? I think that you are using some Nuxt options related to paths, which make the app behave so. I suspect that you have set Nuxt baseURL which leads to Nuxt automatically adding it to every navigation.

Note that you can always set disableInternalRouting: true. This will have slight performance penalty, but it will force the module to always use absolute paths when navigating/making queries.

[nam0107]

@phoenix-ru you are correct, I'm using Nuxt baseURL, how can I fix that, should I remove that config?

[phoenix-ru]

upd: Actually doing signin in production mode seems to reproduce, looking into it.

---

@phoenix-ru you are correct, I'm using Nuxt baseURL, how can I fix that, should I remove that config?

As said, if you could provide a quick reproduction using playground-authjs, I can attempt to fix it so that you don't need to disableInternalRouting. So far, setting

  app: { baseURL: '/aax4', },

and providing

AUTH_ORIGIN=http://localhost:3000/aax4/api/auth

seems to work for me. It correctly redirects me to http://localhost:3000/aax4/api/auth/signin?callbackUrl=%2Fprotected%2Fglobally in both development and production.

[nam0107]

@phoenix-ru let me try it, if it not work I wil provide a quick reproduction using playground-authjs or maybe we can have a quick session, I will show you quickly. Can you ping me in email?
My email: [email protected]

[nam0107]

upd: Actually doing signin in production mode seems to reproduce, looking into it.

@phoenix-ru you are correct, I'm using Nuxt baseURL, how can I fix that, should I remove that config?

As said, if you could provide a quick reproduction using playground-authjs, I can attempt to fix it so that you don't need to disableInternalRouting. So far, setting

app: { baseURL: '/aax4', },
and providing

AUTH_ORIGIN=http://localhost:3000/aax4/api/auth

seems to work for me. It correctly redirects me to http://localhost:3000/aax4/api/auth/signin?callbackUrl=%2Fprotected%2Fglobally in both development and production.

@phoenix-ru
In local with subpath, it also work for me
when I deploy it to my domain, I point this url https://rpperf-gui.dev-vie.int.compax.at/aax4 the app, not only https://rpperf-gui.dev-vie.int.compax.at, it has the duplicate isssue 🥲

[phoenix-ru]

@nam0107 Thank you for your report, I seem to have fixed it by resolving callbackUrl provided to useAuth functions.
So if you do signIn({ callbackUrl: '/my-custom-callback' }), it will automatically resolve to /aax4/my-custom-callback, which gets rid of 404 you are experiencing 🙂

I am testing it further and will push my changes to the same PR later today, so you'd be able to test it.

I am not sure though that it would resolve exactly your issue, so let's iterate

[phoenix-ru]

@nam0107 The new version is out, I tested your usecase specifically and did quite some changes to callbackUrl computations which should benefit both authjs provider usage and local as well. Please test it and leave your feedback 🙂

npm i https://pkg.pr.new/@sidebase/nuxt-auth@fff679c

[nam0107]

@phoenix-ru I upgraded to this version https://pkg.pr.new/@sidebase/nuxt-auth@fff679c
but it throw 500 [nuxt] instance unavailable when the first time I access https://rpperf-gui.dev-vie.int.compax.at/aax4 then it redirect me to https://rpperf-gui.dev-vie.int.compax.at/aax4/login?callbackUrl=https://rpperf-gui.dev-vie.int.compax.at
with wrong callbackUrl=https://rpperf-gui.dev-vie.int.compax.at
I expect it should be https://rpperf-gui.dev-vie.int.compax.at/aax4
Could we have a quick session, I will show you the issue directly?

video: https://www.loom.com/share/c87328f584d84c1eb09d9cfb107df371?sid=895ac817-55dc-4d74-a7e0-ecc488ecc790