Skip to content

Redirects require redundant setting of auth_url when using sveltekit for hosted apps #12795

New issue
New issue
Open
#13339
Open
Redirects require redundant setting of auth_url when using sveltekit for hosted apps#12795
#13339
Labels
bugSomething isn't workingtriageUnseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.
@megan-starr9

Description

@megan-starr9
megan-starr9
opened on Mar 19, 2025

Environment

System:
    OS: macOS 15.3.1
    CPU: (12) arm64 Apple M2 Pro
    Memory: 153.28 MB / 16.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 18.20.2 - ~/.nvm/versions/node/v18.20.2/bin/node
    npm: 10.5.0 - ~/.nvm/versions/node/v18.20.2/bin/npm
  Browsers:
    Chrome: 134.0.6998.89
    Safari: 18.3
  npmPackages:
    @auth/core: ^0.37.4 => 0.37.4 
    @auth/drizzle-adapter: ^1.7.4 => 1.7.4 
    @auth/sveltekit: ^1.7.4 => 1.7.4

Reproduction URL

https://github.com/megan-starr9/sveltekit-auth-example

Describe the issue

We have our sveltekit project hosted in AWS ECS currently. Everything works fine until we try to provide a redirect uri to our login components. Our host url winds up being our internal aws url, so we get the container's domain name being used instead of our actual site origin. (Ex: http://app-lb-#.us-west-2.elb.amazonaws.com rather than https://site-name.com)

This can be resolved if we utilize the AUTH_URL environment variable to set the correct domain. However, the sveltekit package sets the base url for us, resulting in the following warning spamming the logs.

[auth][warn][env-url-basepath-redundant] Read more: https://warnings.authjs.dev#env-url-basepath-redundant

This is an inconvenience and annoyance at worst, but it makes it extremely hard to parse through the logs and find actual valueable information when it comes up! So it would be greatly appreciated if this could be turned off for instances when we do want both values set to correct for origin behavior.

It appears that next-auth provides this ability within the core package

next-auth/packages/core/src/lib/utils/env.ts

Line 12 in 5e07ca3

suppressBasePathWarning = false

So a fix, it seems, would be as simple as allowing this value to be provided within our auth configuration when configuring our sveltekit auth preferences!

Alternatively, if this isn't a pattern that is seen as preferred, the ORIGIN environment variable should be used to configure redirect urls. Currently the behavior sets off of the internal host when an AUTH_URL is not present, which makes this environment variable more important than might be desired!

How to reproduce

Reproduction involves hosting your web application on an aws service behind a load balancer, which makes it a bit more difficult to provide!

Something similar could be achieved, maybe, by locally recreating a load balancer pattern. Essentially, the error only occurs when your application server's host does not match the desired domain name when using the sveltekit package.

Expected behavior

Users should be able to set the auth_url and the basepath. (Alternatively, the ORIGIN environment variable should be used when determining redirect urls when present)

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingtriageUnseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions