fix(adapter-nextjs): removing only tokens and LastAuthUser cookies #14152
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
HuiSF
requested review from
sktimalsina,
cshfang and
pranavosu
as code owners
HuiSF
changed the title
joon-won
approved these changes
Jan 24, 2025
cshfang
approved these changes
Jan 24, 2025
HuiSF
changed the title
HuiSF
added a commit
that referenced
this pull request
Jan 27, 2025
HuiSF
added a commit
that referenced
this pull request
Feb 11, 2025
* feat(adapter-nextjs): add runtimeOptions.cookies to createServerRunner (#13788) * feat(aws-amplify|adapter-nextjs): add runtimeOptions.cookies to createServerRunner * chore: resolve comments * chore(adapter-nextjs): adapt the latest impl. changes * feat(adapter-nextjs): add createAuthRouteHandlers to createServerRunner (#13801) * feat(aws-amplify|adapter-nextjs): add runtimeOptions.cookies to createServerRunner * feat(adapter-nextjs): add createAuthRouteHandlers to createServerRunner * chore(adapter-nextjs): resolve comments * chore(adapter-nextjs): remove unnecessary check * feat(adapter-nextjs): server-side auth flows integrating cognito hosted UI (#13827) * chore(auth): export necessary utilities and types to support server-side auth * chore(aws-amplify): export necessary utilities to support server-side auth * feat(adapter-nextjs): server-side auth api route integrating cognito hosted ui * chore(adapter-nextjs): resolve comments * refactor(adapter-nextjs): remove redundant username fallback * feat(adapter-nextjs): add user has signed in check before initiating sign-in and sign-up (#13839) * feat(adapter-nextjs): add user has signed in check before initiating sign-in and sign-up * chore(adapter-nextjs): rename hasUserSignedIn to hasActiveUserSession * fix(adapter-nextjs): make createAuthRouteHandlers interface work in both App and Pages routers (#13840) * feat(adapter-nextjs): set cookie secure: false with non-SSL domain (#13841) * feat(adapter-nextjs): allow cookie secure: false with non-SSL domain * fix(adapter-nextjs): wrong naming and impl. of isSSLOrigin * chore(adapter-nextjs): resolve comment * refactor(adapter-nextjs): use maxAge attribute to set cookie from server to avoid clock drift (#14103) * fix(adapter-nextjs): wrong use of nullish coalescing (#14112) * refactor(adapter-nextjs): remove redundant clockDrift cookie (#14114) refactor(adapter-nextjs): remove redundant clockDrift cookie⤵️ Reasons: 1. token exachange is happening on a server - and production server rarely has wrong system time 2. when setting token cookies from server, it uses Max-Age header which is relative to the client system time. Clock drift became irrelevant 3. surely we can argue sever system time can go wrong too, however, a Next.js app API route can be executed on different servers (load balancing), there is no source of truth to generate a clock drift value * chore: enable tag publishing for server-auth (#14115) * fix(adapter-nextjs): wrong spot for checking app origin and auth config (#14119) * fix(adapter-nextjs): not await params async API in Next.js 15 (#14125) * feat(adapter-nextjs): surface redirect error and sign-in timeout error (#14116) * feat(adapter-nextjs): surface redirect error and sign-in timeout error * feat(adapter-nextjs): expose both error and errorDescription * chore(adapter-nextjs): remove unnecessary undefined fallback * chore(adapter-nextjs): add warning re: using http in production (#14134) * fix(core): generateRandomString uses Math.random() (#14132) * fix(core): generateRandomString uses Math.random() * chore(core): use better test to test actual logic * chore(aws-amplify/adapter-nextjs): remove extraneous deps (#14141) * fix(adapter-nextjs): removing only tokens and LastAuthUser cookies (#14152) * fix(adapter-nextjs): wrong cookie attributes get set sometimes (#14169) * chore: add E2E tests for next.js server auth * chore: disable tag release * fix(aws-amplify|api): internals export paths
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes
Generating
Set-Cookieheaders for only previous set cookies in server-side auth signOut flow.In particular:
.accessToken.idToken.refreshToken.LastAuthUserisSigningOutflagIssue #, if available
Description of how you validated changes
Checklist
yarn testpassesChecklist for repo maintainers
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.