I have a NextJS app setup with middleware via `cre...
# general
s
I have a NextJS app set up with middleware via `createOryMiddleware(CONFIG.auth.config)`. Running locally, when I click the login link (`href="http://localhost:3000/self-service/login/browser?return_to=http%3A%2F%2Flocalhost%3A3000"`), I do the login flow and then am redirected back to my app. But, the session cookie fails to be set due to the lack of `SameSite` settings on the cookie, thus `getServerSession()` continually returns `null`. Within the Ory Admin, I’ve set the “Same Site” to “Strict” but am seeing no change. Any suggestions?
e
It looks like you are running Ory Network. Are you using Ory tunnel via the CLI to ensure the responses are all localhost so it can set the same site? It looks like the port in your URL is :3000 but Ory tunnel typically runs on :4000 by default.
s
@early-magician-18981 I take it that you’re familiar with the NextJS pattern of middleware and the Ory convenience function, `createOryMiddleware()`? I was under the understanding that this eliminates the need for Ory Tunnel. For example, this post makes no mention of Ory Tunnel: https://www.ory.sh/blog/add-auth-to-nextjs-security-best-practices
(all this is to say that I am not using Ory Tunnel)
e
I am not super deep on the nextjs side, but let me look into it in a bit and see what I can find.
s
Hi, any updates on this thread? Would love to be able to test auth locally
p
if you set up tunneling it will work for sure
just replace your ory sdk url for localhost:4000 and you will see that traffic gets proxied through the tunnel
I am also trying to make it work on a vercel app with a different domain and struggling quite a bit...
e
Looking at this deeper, it does look like maybe a miss on the documentation that it doesn't use Ory Tunnel. While the middleware is there, it just matches your orySdkUrl as the path and it would need to match that localhost for local dev. I would try using tunnel to see if that works for you.
s
> While the middleware is there, it just matches your orySdkUrl as the path and it would need to match that localhost for local dev

I’m not sure how you arrived at this conclusion. The middleware proxies requests to Ory, thereby sidestepping the need for the tunnel:
• https://github.com/ory/elements/blob/main/packages/nextjs/src/middleware/middleware.ts#L87-L95
• https://github.com/ory/elements/blob/main/packages/nextjs/src/utils/sdk.ts#L11-L21
e
Looking at it, while it proxies the request, it is going to have issues with localhost with OAuth2 requests, but that is beside the point here. I think I see the issue in the `processSetCookiesHeaders` function where it is not setting SameSite.
s
No, I haven’t yet tried that. I didn’t expect that to affect the SameSite/Secure value.
e
looks like that should be parsing sameSite.
so it should be in the ...cookie spread.
ahhh
Did you attempt with Lax? I am wondering, your URL there in the first message is http, it could be a mismatch between sameSite and secure headers on the cookie?
b
Hi! Do you have a public repo with a reproduction? Also do you have a custom domain configured?
s
(sorry, I had stepped away)
> Hi! Do you have a public repo with a reproduction?

Public Repo: Yes. https://github.com/source-cooperative/source.coop/tree/s2 Middleware Usage: https://github.com/source-cooperative/source.coop/blob/s2/src/middleware.ts#L5 (`CONFIG.auth.config` is not actually populated with anything, https://github.com/source-cooperative/source.coop/blob/s2/src/lib/config.ts#L48-L58)

> Also do you have a custom domain configured?

Yes, https://auth.s2.source.coop/