WithMiddlewareAuthRequired should return 401 for /api routes

[adamjmcgrath]

📋 Changes

/api routes protected by withMiddlewareAuthRequired should respond with a 401 for unauthenticated routes (currently it just expects UI pages so only responds with temporary redirects to the login page)

Since middleware can't respond with a body - the recommended way to do this in Next.js middleware is to create a stub api route and rewrite to that

📎 References

https://nextjs.org/docs/messages/returning-response-body-in-middleware
fixes #903

🎯 Testing

$ npm run start:kitchen-sink
$ curl -I http://localhost:3000/api/hello-world-mw
HTTP/1.1 401 Unauthorized

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Ignored Deployment

Name	Status	Preview	Updated
nextjs-auth0	⬜️ Ignored (Inspect)		Nov 15, 2022 at 4:48PM (UTC)

[Nargonath]

Thanks for the PR @adamjmcgrath. Shouldn't we update the documentation (README.md and EXAMPLES.MD) to mention that feature?

[adamjmcgrath]

Thanks @Nargonath - I think the existing docs explain it pretty well - my expectation would be that "pages" in that context would include pages/api as well. I am however going to take another pass through the README before we release the Beta

[Nargonath]

The reason I mentioned the documentation is that from what I saw in the code it seems you give the ability to the user to override the path used to redirect API requests to the 401 API endpoint. I believe this is undocumented but perhaps I missed it.

[Nargonath]

I refer to this: https://github.com/auth0/nextjs-auth0/pull/909/files#diff-c3095d5010e65c52737a98a5d618ea24049ebe90c8470752426081d70ed6e012R527

[adamjmcgrath]

👍 yep, good point. I'm going to add some examples for your use case and will add docs for customising that path

[Nargonath]

Alright, thank you.