Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clarify AUTH_URL usage in documentation #12526

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

youngchingjui
Copy link

This clarifies some confusion on the usage of AUTH_URL, including its usage in production settings behind a reverse proxy.

☕️ Reasoning

🧢 Checklist

  • Documentation
  • Tests
  • Ready to be merged

🎫 Affected issues

📌 Resources

This clarifies some confusion on the usage of `AUTH_URL`, including its usage in production settings behind a reverse proxy.
Copy link

vercel bot commented Jan 22, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
auth-docs ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 22, 2025 4:14am
1 Skipped Deployment
Name Status Preview Comments Updated (UTC)
next-auth-docs ⬜️ Ignored (Inspect) Visit Preview Jan 22, 2025 4:14am

Copy link

vercel bot commented Jan 22, 2025

@youngchingjui is attempting to deploy a commit to the authjs Team on Vercel.

A member of the Team first needs to authorize it.

@@ -45,7 +45,11 @@ to `true`. This tells Auth.js to trust the `X-Forwarded-Host` header from the re

### `AUTH_URL`

This environment variable is mostly unnecessary with v5 as the host is inferred from the request headers. However, if you are using a different base path, you can set this environment variable as well. For example, `AUTH_URL=http://localhost:3000/web/auth` or `AUTH_URL=https://company.com/app1/auth`
Generally, this environment variable is inferred from the request headers in v5 and is not required. However, you should set AUTH_URL if:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Generally, this environment variable is inferred from the request headers in v5 and is not required. However, you should set AUTH_URL if:
Generally, this environment variable is inferred from the request headers in v5 and is not required. However, you should set `AUTH_URL` if:

- Your application is behind a reverse proxy that does not sanitize headers
- You are using a different base path, for example, AUTH_URL=http://localhost:3000/web/auth or AUTH_URL=https://company.com/app1/auth.

If you experience issues with redirect URIs (e.g., being redirected to localhost instead of your domain), try setting the AUTH_URL environment variable to your desired base URL.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually I'm not a fan of this sentence, its a bit vague. Let's remove it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants