Environment
|
|
| Operating system |
Windows 10.0.19045 |
| CPU |
13th Gen Intel(R) Core(TM) i5-13400F (16 cores) |
| Node.js version |
v22.17.0 |
| nuxt/cli version |
3.33.1 |
| Package manager |
npm@11.2.0 |
| Nuxt version |
4.3.1 |
| Nitro version |
2.13.1 |
| Builder |
vite@7.3.1 |
| Config |
app, auth, build, colorMode, compatibilityDate, css, devtools, eslint, modules, routeRules, runtimeConfig, sourcemap, ssr, vite |
| Modules |
@nuxt/eslint@1.15.1, @nuxt/ui@4.4.0, @nuxt/image@2.0.0, @pinia/nuxt@0.11.3, @sidebase/nuxt-auth@1.2.0 |
Reproduction
https://stackblitz.com/edit/github-hfvvgtov
Describe the bug
I encountered an issue where creating a custom server route under /api/auth/signin conflicts with nuxt-auth's internal AuthJS endpoints and results in an Invalid path used for auth-endpoint error when accessing protected routes after logout.
Error:
Invalid path used for auth-endpoint. Supply either one path parameter (e.g., `/api/auth/session`) or two (e.g., `/api/auth/signin/github` after the base path (in previous examples base path was: `/api/auth/`. Received `undefined`
Additional context
When accessing a protected route while unauthenticated, nuxt-auth redirects to:
/api/auth/signin?callbackUrl=...
If a user-defined server route exists at:
server/api/auth/signin.post.ts
it overrides the internal AuthJS handler for /api/auth/signin.
As a result:
- The internal sign-in logic is never executed
- Endpoint resolution fails
- The error Received undefined is thrown
Important Observation
If I rename the custom route to:
server/api/auth/sign-in.post.ts
(or anything other than signin)
everything works correctly.
So the conflict occurs specifically when the file name matches the exact internal endpoint path (signin).
Logs
WARN [Vue Router warn]: No match found for location with path "/api/auth/signin?callbackUrl=%2protected"
WARN [Vue Router warn]: No match found for location with path "/api/auth/signin"
It would help if:
- The documentation clearly states that /api/auth/* is fully reserved.
- Or the module detects and warns when a user-defined server route overrides an internal auth endpoint.
Additionally, if there were explicit logs indicating that an internal auth route was being overridden by a user-defined server route, it would have been much easier to diagnose. The absence of such logs made this issue significantly harder and more time-consuming to figure out.
Environment
Windows 10.0.1904513th Gen Intel(R) Core(TM) i5-13400F (16 cores)v22.17.03.33.1npm@11.2.04.3.12.13.1vite@7.3.1app,auth,build,colorMode,compatibilityDate,css,devtools,eslint,modules,routeRules,runtimeConfig,sourcemap,ssr,vite@nuxt/eslint@1.15.1,@nuxt/ui@4.4.0,@nuxt/image@2.0.0,@pinia/nuxt@0.11.3,@sidebase/nuxt-auth@1.2.0Reproduction
https://stackblitz.com/edit/github-hfvvgtov
Describe the bug
I encountered an issue where creating a custom server route under
/api/auth/signinconflicts with nuxt-auth's internal AuthJS endpoints and results in an Invalid path used for auth-endpoint error when accessing protected routes after logout.Error:
Additional context
When accessing a protected route while unauthenticated, nuxt-auth redirects to:
If a user-defined server route exists at:
it overrides the internal AuthJS handler for /api/auth/signin.
As a result:
Important Observation
If I rename the custom route to:
(or anything other than signin)
everything works correctly.
So the conflict occurs specifically when the file name matches the exact internal endpoint path (signin).
Logs
It would help if:
Additionally, if there were explicit logs indicating that an internal auth route was being overridden by a user-defined server route, it would have been much easier to diagnose. The absence of such logs made this issue significantly harder and more time-consuming to figure out.