amplify-js: Amplify Causing Errors With Next 12 middleware
Before opening, please confirm:
- I have searched for duplicate or closed issues and discussions.
- I have read the guide for submitting bug reports.
- I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
JavaScript Framework
Next.js
Amplify APIs
Authentication
Amplify Categories
auth
Environment information
# Put output below this line
Describe the bug
We are working on updating our application up to NextJS 12. In doing so we are interested in moving the authentication check for protected pages to the new middleware feature available in next 12 (link). This code runs on the server before a request is completed. With that in mind, I went about attempting to use withSSRContext to check the users authentication status in the middleware.
import type { NextFetchEvent, NextRequest } from 'next/server';
import { Amplify, withSSRContext } from 'aws-amplify';
import { AwsConfig } from '../../../../../../src/config';
Amplify.configure({ ...AwsConfig, ssr: true });
export const middleware = async (req: NextRequest, ev: NextFetchEvent) => {
console.log('req', req);
const { Auth } = withSSRContext({ req: req });
return new Response('Hello World!');
};
As you can see above, I didn’t get too far before this already broke the app. It seems that something underlying is attempting to use window which of course is not present on server. This looks to be happening in Reachablility
Expected behavior
Authentication is checked in the same manner it would be for getServerSideProps
Reproduction steps
In a next 12 application. place a _middleware.ts or _middleware.js file in one of your page directories. In that middleware file, simply import Amplify and that should be enough to draw out the exception.
Code Snippet
import type { NextFetchEvent, NextRequest } from 'next/server';
import { Amplify, withSSRContext } from 'aws-amplify';
import { AwsConfig } from '../../../../../../src/config';
Amplify.configure({ ...AwsConfig, ssr: true });
export const middleware = async (req: NextRequest, ev: NextFetchEvent) => {
console.log('req', req);
const { Auth } = withSSRContext({ req: req });
return new Response('Hello World!');
};
Log output
// Put your logs below this line
aws-exports.js
No response
Manual configuration
No response
Additional configuration
No response
Mobile Device
No response
Mobile Operating System
No response
Mobile Browser
No response
Mobile Browser Version
No response
Additional information and screenshots
No response
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Reactions: 52
- Comments: 62 (19 by maintainers)
@abdallahshaban557 From me and it looks like many of the folks following this I believe the main use case is to manage auth through middleware so that certain Next.js routes can be protected for logged-in users or for specific user groups.
Hello everyone, we are currently exploring what it would take for our Auth category for Amplify to function consistently with NextJS 12 Middleware. We will update this issue when we have more feedback!
I had the same problem and next-fortress didn’t quite do that trick for me, but I was able to take some of their code to create the solution below.
+1 , being able to use the new NextJS middleware with Amplify Auth without workarounds will be really great.
Hi @Amirbahal - gotcha! Thank you for sharing the details of your use case! Makes total sense on why you would want to do that in Middleware. We are currently working on fixing this issue! We will provide feedback on this issue when it is resolved.
Middleware feature is a must have! I can’t afford to put redirect code in every single page And I can’t afford to put the redirect code in client side
I hope this gets supported soon.
Unresolved since nearly 2 years 😦
We have this on our radar as a feature that we will support as part of our next major version of the Amplify JavaScript library, which is currently in development. We will provide an update when we have an ETA.
Hi @Amirbahal - unfortunately, this issue still exists with the Amplify libray for JavaScript. We do not have an exact timeline for fixing this issue - but we will share it here when we do!
The developer preview for v6 of Amplify has officially been released with improvements Next.js middleware and much more! Please check out our announcement and updated documentation to see what has changed.
This issue should be resolved within the dev preview and upcoming General Availability for Amplify v6, but let us know with a comment if there are further issues.
This 100%
Unfortunately, still no updates on this one. We don’t officially support Next.js 12 and its new features such as middleware yet.
Very interesting. I ran into the same problem and couldn’t understand why the function for node required a window, but your pursuit has cleared up that question for me.
The sandbox for running Next.js middleware is quite limited in its functionality (probably to ensure the performance of running Edge), so I hope that amplify will change its implementation to one that does not depend on process.versions.
Incidentally, I temporarily work around this problem by decoding the token (JWT) on the cookie directly.
https://github.com/aiji42/next-fortress/blob/main/src/cognito.ts https://github.com/aiji42/next-fortress#control-by-amazon-cognito
Hi @arnaringig - not yet, we’ve made some progress and have a design in mind, but we believe it will have some breaking changes. We expect this to be part of our next major version. We will provide an update when we have an ETA.
In nextjs 13 we should retrieve the token in the following way:
I have the same issue, anyone know of an alternative to this while a fix is deployed? I just want to get the:
const { Auth } = withSSRContext({ req });but trying to avoid the
getServerSidePropson every single file@fernandorosenblit - we’ve made a bit of progress in figuring out what is going on - but we are still early on in our analysis. Will keep this issue updated as we discover more!
Thank you for the feedback @Sodj! We understand this is an important feature for developers using NextJS v12.
Thank you for this. It helped become the base of us being able to work around this for now.
With the release of the latest major version of Amplify (aws-amplify@>6), this issue should now be resolved! Please refer to our release announcement, migration guide, and documentation for more information.
Hi @phstc, same on my side. I also noticed that this method:
Auth.currentAuthenticatedUser()is getting a new token all the time, but is not updating the Local Storage or Cookies so I am getting the same error as youERR_JWT_EXPIRED.Do you have updates ?
@abdallahshaban557 any update on this?
thank you for the encouragement, @harrygreen! We will!
Ji @cuginoAle - unfortunately we do not have an update yet. I will get back to you when we are closer to identifying the issue here.
I am also looking forward to the update.
Is there an update available?
@chrisbonifacio any updates / solutions found?
@aiji42 @dyeoman2 thanks for sharing your solutions. I’m trying to implement them, but I’m getting
ERR_JWT_EXPIREDafter some time (60 minutes/default ID token expiration). Even if I re-login, it seems the cookie/jwt expiration does not get updated. Did you experience this too?await jwtVerify(token, await importJWK(jwk))this is what throws the error.I can probably extend the ID Token expiration. But I’m concerned about why the re-sign-in does not update it.
Perfect - thank you so much for the feedback @jerocosio and @ArturoTorresMartinez !
We are investigating this right now @jimmysafe. We are trying to see if there is a way for us to enable this without causing breaking changes, but it might be the case that a breaking change really is necessary. We are trying our best to resolve this.
Can you please elaborate a bit on the use cases you have for middleware in your app?
@abdallahshaban557 does this page: https://aws.amazon.com/about-aws/whats-new/2022/11/aws-amplify-hosting-support-next-js-12-13/ mean that this issue is resolved?
Yes @abdallahshaban557 in a nutshell, my intention was to check the current authenticated user in the middle ware + the path of the request. If the authenticated user has access to the path the request gets fulfilled, else, user gets redirected to a different path. 😃
I was able to work around this by switching from Amplify to next-auth. Here is my next-auth cognito config: https://github.com/jetbridge/sst-prisma/blob/master/web/pages/api/auth/[...nextauth].ts
@Amirbahal - we are still investigating how to properly fix this issue. Can you please inform us what is your use case for middleware?
Thank you very much for your response. I’ll do this 🥰
@abdallahshaban557, thanks for the update. So this means the Amplify team is looking into officially supporting NextJS 12? Or are you just looking at the “Auth in Middleware” part right now? Just asking, because there is also this issue which includes more blockers as far as I know: https://github.com/aws-amplify/amplify-hosting/issues/2343 Does the AWS/Amplify internally discuss how to proceed with Next.js support and updates in the future? I’d be really nice to have a bit more clarification here (e.g. it would also be nice to use NextJS 12 support sooner for people who don’t need middleware; what will be the strategy for v13; will there ever be an AWS-official CDK construct, etc.).
+1, would like to see a solution here. At the moment, I’m toying with the idea of saving the id token to a cookie upon login and parsing the token in the middleware. Seems like a hacky alternative to the solution provided in this document.
Instead, I get this:
I am experiencing this issue as well.
I was able to get
withSSRContextworking fine ingetServerSidePropsbut I can’t use it with middleware because of nowindow.@chrisbonifacio any updates over this ?
Just switched to NextAuth instead of amplify due to this
@abdallahshaban557 Next.js outputs warning messages at build time that may be helpful, listing out the Node.js APIs that are unsupported, as well as which packages are using those APIs.
Unsupported APIs:
urlbufferprocess.versionsPackage:
@aws-amplify/auth@v5.2.1Expand for full log
I made a comment here where I’ve changed the variable type of SSR to resolve issues I was having with
next12WEB_COMPUTEgetServerSidePropsandAuth.Changing
to
Hi @abdallahshaban557, this is now a blocker for us and we need to find a solution/alternative . How close are you guys to release a fix? thanks
Any update on this? Any workaround?
Can anyone help me with this? https://stackoverflow.com/questions/74462640/how-to-handle-dynamic-list-json-of-redirects-on-nextjs-aws-amplify