You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Return 401 Response on protected API routes. This change introduces a new apiRoutes param on authMiddleware.
If apiRoutes is omitted, then the following heuristic is used:
- If the route path is ['/api/(.*)', '/trpc/(.*)']
- or Request has Content-Type: application/json
- or Request method is not-GET,OPTIONS,HEAD,
then this is considered an API route.
After this commit, a 401 JSON Response is returned on the following 3 cases:
- When the authenticateRequest function returns the Unknown state.
- When the authenticateRequest function returns the Interstitial state and the route is an API route.
- When the user is signed out, the route is protected (not public), and the route is an API route. (this one happens inside our default implementation of afterAuth. If it is overwritten, then the user needs to handle this case themselves)
