I'm following the example code from auth-helpers nextjs server components example, after successful google authentication the app redirects to my dashboard page from a middleware function . The thing is, I can see the auth code in my url search params. Is there a reason why this happens? I would like to avoid this if possible. Any help would be appreciated import { createMiddlewareSupabaseClient } from '@supabase/auth-helpers-nextjs'; import { NextResponse } from 'next/server'; import type { NextRequest } from 'next/server'; `// this middleware refreshes the user's session and must be run // for any Server Component route that uses

createServerComponentSupabaseClient

export async function middleware(req: NextRequest) { const res = NextResponse.next(); const supabase = createMiddlewareSupabaseClient({ req, res }); const { data: { session } } = await supabase.auth.getSession(); if (!session && req.nextUrl.pathname.startsWith('/required-session')) { // Auth condition not met, redirect to home page. const redirectUrl = req.nextUrl.clone(); redirectUrl.pathname = '/dashboard'; redirectUrl.searchParams.set(

redirectedFrom

, req.nextUrl.pathname); return NextResponse.redirect(redirectUrl); } return res; }` https://github.com/supabase/auth-helpers/blob/main/examples/nextjs-server-components/middleware.tsx

It is my understanding that the callback url is passed to the client at least once by default due to the nature of OAuth. If you don't want that, I think you could consider detecting the callback URL, storing it in state, and quickly switching the URL to router.replace or something.

You are using the latest version of the auth-helpers with PKCE enabled. Please follow the updated guide on how to exchange this code for a session as it's necessary in the latest verison.

Thanks all I'll go have a look at the latest guide. Appreciate the response