Nextjs Auth helpers code in url after middleware redirect


05/25/2023, 10:35 PM
I'm following the example code from auth-helpers nextjs server components example, after successful google authentication the app redirects to my dashboard page from a middleware function . The thing is, I can see the auth code in my url search params. Is there a reason why this happens? I would like to avoid this if possible. Any help would be appreciated import { createMiddlewareSupabaseClient } from '@supabase/auth-helpers-nextjs'; import { NextResponse } from 'next/server'; import type { NextRequest } from 'next/server'; `// this middleware refreshes the user's session and must be run // for any Server Component route that uses
export async function middleware(req: NextRequest) { const res =; const supabase = createMiddlewareSupabaseClient({ req, res }); const { data: { session } } = await supabase.auth.getSession(); if (!session && req.nextUrl.pathname.startsWith('/required-session')) { // Auth condition not met, redirect to home page. const redirectUrl = req.nextUrl.clone(); redirectUrl.pathname = '/dashboard'; redirectUrl.searchParams.set(
, req.nextUrl.pathname); return NextResponse.redirect(redirectUrl); } return res; }`



05/26/2023, 12:47 AM
It is my understanding that the callback url is passed to the client at least once by default due to the nature of OAuth. If you don't want that, I think you could consider detecting the callback URL, storing it in state, and quickly switching the URL to router.replace or something.


05/26/2023, 1:00 AM
You are using the latest version of the auth-helpers with PKCE enabled. Please follow the updated guide on how to exchange this code for a session as it's necessary in the latest verison.


05/26/2023, 3:52 AM
Thanks all I'll go have a look at the latest guide. Appreciate the response