auth0
Allow customization of `/auth/access-token` and `/auth/profile` URLs via `Auth0ClientOptions`
Checklist
- [x] I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
- [x] I have looked into the API documentation and have not found a suitable solution or answer.
- [x] I have searched the issues and have not found a suitable solution or answer.
- [x] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- [x] I agree to the terms within the Auth0 Code of Conduct.
Describe the problem you'd like to have solved
My application utilizes HTTP rewrites to offer multi-tenant subdomains like in: https://vercel.com/templates/next.js/platforms-starter-kit
I'd like to configure access token and profile routes because I am instantiating tenant-specific Auth0Clients at request time based on the accessed subdomain
Describe the ideal solution
Instead of:
export type RoutesOptions = Partial<Pick<Routes, "login" | "callback" | "logout" | "backChannelLogout">>;
This:
export type RoutesOptions = Partial<Routes>;
Also update functions getAccessToken and useUser
Alternatives and current workarounds
No response
Additional context
No response
Hi @spigelli 👋
Thank you for opening this, I took a look at this and this seems like a reasonable enhancement that would enable more flexible route configuration patterns. We'll consider this for a future release.
Would you be interested in contributing a PR for this change? The main changes would be:
- Update the
RoutesOptionstype definition - Update the functions that consume these routes (
getAccessToken,useUser) to respect the programmatically configured routes - Update the documentation
Meanwhile, we have added this feature to our planning and will be working on this as well.
I’ve been working on this issue and made the changes as suggested by @tusharpandey13.
- [x] Updated the
RoutesOptionstype definition - [ ] Updated the functions that consume these routes (
getAccessToken,useUser) to respect the programmatically configured routes
After setting custom routes for profile and accessToken in Auth0Client, the server-side methods (auth0.getSession and auth0.getAccessToken) work correctly without any modification.
However, for the client-side helpers getAccessToken and useUser (which currently rely on environment variables or hardcoded routes to fetch data), there’s no clean way to automatically retrieve the custom routes defined in Auth0Client, since those routes are private.
Injecting the routes into the global window object could be a possible workaround, but it doesn’t seem like an intended or reliable approach.
Additionally, the withPageAuthRequired helper in src/client also references the login route (which can be customized), and the docs mention setting the NEXT_PUBLIC_LOGIN_ROUTE environment variable to configure it.
In the case of a multi-tenant app, where each tenant corresponds to a different subdomain (handled by middleware that redirects to a dynamic route like /s/[subdomain]), we need dynamic runtime route values for the URLs used by useUser and getAccessToken. Environment variables, however, are static at build time.
My proposed approach is to introduce optional accessTokenRoute and profileRoute parameters in the getAccessToken and useUser helpers, respectively.
These would:
- Use the provided route values if available
- Fall back to environment variables or default paths for backward compatibility
@tusharpandey13 I took a stab at it with https://github.com/auth0/nextjs-auth0/pull/2451. As far as I can tell everything works as expected.
