我正在创建一个 next js 应用程序,使用 next-auth 来处理身份验证。
我有一个外部后端 api,所以我使用 Credentials Provider。
问题是后端发送 httponly cookie,但当我在客户端发出请求时,这些 cookie 没有附加到浏览器。
在 /pages/api/[...auth].js 中
import NextAuth from 'next-auth';
import Providers from 'next-auth/providers';
import clientAxios from '../../../config/configAxios'
export default NextAuth({
providers: [
Providers.Credentials({
async authorize(credentials) {
try {
const login = await clientAxios.post('/api/login', {
username: credentials.username,
password: credentials.password,
is_master: credentials.is_master
})
const info = login.data.data.user
const token = {
accessToken: login.data.data.access_token,
expiresIn: login.data.data.expires_in,
refreshToken: login.data.data.refresh_token
}
// I can see cookies here
const cookies = login.headers['set-cookie']
return …我有一个安装了 Next-Auth 的 NextJS 前端和一个使用 Sanctum 的 Laravel 后端当我尝试使用 Next-Auth 的登录功能登录时,它给了我这个错误:
Request failed with status code 419
419 与 CSRF 令牌有关,但我在调用登录方法之前通过调用 sainttum/csrf-cookie 路由来设置令牌
[...nextauth.js]
Request failed with status code 419
apiClient.js
CredentialsProvider
({
name: 'Email and Password',
credentials: {
email: {label: "Email", type: "email", placeholder: "Your Email"},
password: {label: "Password", type: "Password"}
},
async authorize({email, password}, req) {
await apiClient.get("/sanctum/csrf-cookie");
const user = await apiClient.post('/customer/login', {
email: email,
password: password,
});
if (user) {
return user
} else {
return …