Facing the same issue, as our website is like an e-commerce site where users can apply a coupon code. Auth is not absolutely mandatory, and the coupon code can change drastically, so putting up the exact URL with query params will be very much irrelevant.
The other way is to always reset the URL and send them back to the home page, but that will be bad for UX, as all the query params will be lost and the user has to start again.
Description
In v4 the returnTo param seems to be way more strict than it was in v3. In v3 you were able to configure wildcards http://localhost:3000/*/about, with v4 it seems you need to explicitly set URLs in full.
This is creating an issue for us, as our app has multiple languages, multiple environments (development, staging, production) AND we pass messages with the query parameters of the returnTo-URL.
Is it possible to allow wildcards in the Allowed Logout URLs again with v4? Also, you were not required to pass the full URL with host and protocol before, like href="/auth/logout?returnTo=/en/about?message=forced_logout". Now the full URL is required and has to be exactly like in the Allowed Logout URLs setting. Can't we go back to the old implementation?
Reproduction
It CAN NOT be reproduced with the example app, as the example app is not yet updated to v4. Here is an example-repo: https://github.com/larsEichler/nextjs-auth0-returnto-issue
Regular Web App with NextJS as framework
Allowed Callback URLs: http://localhost:3000/auth/callback
Allowed Logout URLs: http://localhost:3000/*/about
Logout
Additional context
No response
nextjs-auth0 version
v4.0.0
Next.js version
v15.1.6, v14.2.23
Node.js version
v22.12.0
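An added example (not from the issue and not nextjs-auth0 code) of an application-side returnTo check that resolves relative values against the app's own origin, matches a one-segment `*` pattern like the `/*/about` above, and keeps the query string. The `example.com` hosts and the names `ALLOWED_ORIGINS`, `ALLOWED_PATHS`, `pathMatches` and `safeReturnTo` are assumptions.

```javascript
// Added example: application-side validation of a logout returnTo value.
// Every name and the example.com hosts are assumptions, not nextjs-auth0 API.
const ALLOWED_ORIGINS = new Set([
  "http://localhost:3000",        // development (from the issue)
  "https://staging.example.com",  // constructed
  "https://www.example.com",      // constructed
]);
// "*" stands for exactly one non-empty path segment, e.g. the language.
const ALLOWED_PATHS = ["/", "/*/about"];

function pathMatches(pattern, pathname) {
  const want = pattern.split("/");
  const got = pathname.split("/");
  return want.length === got.length &&
    want.every((seg, i) => (seg === "*" ? got[i] !== "" : seg === got[i]));
}

// Returns a normalized absolute URL that is safe to redirect to, or the
// fallback when returnTo leaves the allowed origins or paths.
function safeReturnTo(returnTo, appOrigin, fallback = "/") {
  const fallbackUrl = new URL(fallback, appOrigin).href;
  if (typeof returnTo !== "string") return fallbackUrl;
  let url;
  try {
    // Relative values such as "/en/about?message=..." resolve against the
    // app's own origin; absolute ones keep the origin they name.
    url = new URL(returnTo, appOrigin);
  } catch {
    return fallbackUrl;
  }
  // Compare the parsed origin, never a string prefix: "//host" and "/\host"
  // parse as a different host, and javascript: URLs have origin "null".
  if (!ALLOWED_ORIGINS.has(url.origin)) return fallbackUrl;
  // The parser has already collapsed "." and ".." segments in pathname.
  if (!ALLOWED_PATHS.some((p) => pathMatches(p, url.pathname))) return fallbackUrl;
  return url.href; // query string (message, coupon code, ...) is preserved
}
```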