Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Do we still need middleware? #25

Answered by CrawlerCode
engin-can asked this question in Q&A
Discussion options

Does this snippet imply I don't need to use middleware for auth with with local strategy enabled?

export const authConfig: NextAuthConfig = {
 providers: [github],
 callbacks: {
 authorized: ({ auth }) => auth?.user && new Date() < new Date(auth.expires),
 },
};
You must be logged in to vote

No, this does not imply that you do not need to use middleware. The local strategy is a Payload CMS feature and is absolutely unrelated to Auth.js. enableLocalStrategy: true only allows you to combine both strategies.

General, you don't need the middlware, using it is optional. Auth.js offers you various options and you can configure it according to your requirements, depending on your use case.

The benefit of the middleware are:

  • keep the session alive
  • protecting pages (if you specify an authorized callback)

If you don't want to do this, you don't need middlware.

Replies: 2 comments 2 replies

Comment options

I am asking with relation toCVE-2025-29927. I no longer want to rely on middleware for auth...
You must be logged in to vote
1 reply
Comment options

You should not only use the middlware to protect your application. As mentioned in the Auth.js guide, you have several options to protect resources. You should protect your api routes, server components, server actions etc. separately. And bypassing the middleware has a small impact if you project your resources separately.
Comment options

No, this does not imply that you do not need to use middleware. The local strategy is a Payload CMS feature and is absolutely unrelated to Auth.js. enableLocalStrategy: true only allows you to combine both strategies.

General, you don't need the middlware, using it is optional. Auth.js offers you various options and you can configure it according to your requirements, depending on your use case.

The benefit of the middleware are:

  • keep the session alive
  • protecting pages (if you specify an authorized callback)

If you don't want to do this, you don't need middlware.
You must be logged in to vote
1 reply
Comment options

Ok, so that callback is used with the middleware. Thats what I was wondering. Thanks...
Answer selected by CrawlerCode
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

AltStyle によって変換されたページ (->オリジナル) /