Kinde Auth Middleware Issue Report
Environment & Versions
- Next.js version: 15.2.2
- React version: 19.0.0
- @kinde-oss/kinde-auth-nextjs version: 2.5.3
- File extension: middleware.js (not typescript)
Issue Description
The
isReturnToCurrentPage parameter in the Kinde auth middleware is not working as expected. When included in the configuration, authentication stops working. If removed, everything works normally.
Current Middleware Implementation
import { withAuth } from "@kinde-oss/kinde-auth-nextjs/middleware"
export default function middleware(req) {
return withAuth(req, {
publicPaths: ["/"],
isReturnToCurrentPage: true,
})
}
export const config = {
matcher: [
"/((?!_next|[^?]\.(?:html?|css|js(?!on)|jpe?g|webp|png|gif|svg|ttf|woff2?|ico|csv|docx?|xlsx?|zip|webmanifest)).)",
],
}
Callback URLs Configuration
The following callback URLs are configured in the Kinde dashboard:
http://localhost:3000/api/auth/kinde_callback
http://localhost:3000/home
http://localhost:3000/tickets
Troubleshooting Steps Taken
Confirmed using the latest package version (2.5.3)
Tried simplifying the middleware configuration and matcher pattern
Verified that removing isReturnToCurrentPage: true resolves the issue
Confirmed callback URLs are correctly set in the Kinde dashboard
Expected Behavior
When using isReturnToCurrentPage: true, users should be redirected back to the page they were trying to access after successful authentication.
Actual Behavior
When isReturnToCurrentPage: true is included in the configuration, the authentication flow breaks. Removing this parameter makes authentication work correctly, but users are not redirected back to their original page.3 Replies
Hi,
Thanks for sharing your setup and the troubleshooting steps you’ve taken so far. I’ll replicate the issue on my side based on your configuration and get back to you with my findings.
In the meantime, could you confirm if there are any errors logged in the console or network requests when authentication fails with
isReturnToCurrentPage: true enabled? This might help narrow down the issue.
I'll follow up once I have more details.npm run dev
[email protected] dev next dev▲ Next.js 15.2.2 - Local: http://localhost:3000 - Network: http://10.10.16.210:3000 - Environments: .env.local - Experiments (use with caution): · clientTraceMetadata ✓ Starting... ○ Compiling /instrumentation ... ✓ Compiled /instrumentation in 754ms (896 modules) ✓ Ready in 2.3s ✓ Compiled /middleware in 398ms (724 modules) ○ Compiling /api/auth/[kindeAuth] ... ✓ Compiled /api/auth/[kindeAuth] in 1281ms (2252 modules) ⨯ [Error: No response is returned from route handler '/Users/quabmac/Documents/GitHub/repair-shop-app/app/api/auth/[kindeAuth]/route.tsx'. Ensure you return a
Response or a NextResponse in all branches of your handler.]
⨯ [Error: No response is returned from route handler '/Users/quabmac/Documents/GitHub/repair-shop-app/app/api/auth/[kindeAuth]/route.tsx'. Ensure you return a Response or a NextResponse in all branches of your handler.]
GET /api/auth/login?post_login_redirect_url=/home 500 in 2128ms
GET /api/auth/login?post_login_redirect_url=/home 307 in 10ms
⨯ [TypeError: Invalid URL] {
code: 'ERR_INVALID_URL',
input: 'http://localhost:3000',
base: '/home'
}
⨯ [TypeError: Invalid URL] {
code: 'ERR_INVALID_URL',
input: 'http://localhost:3000',
base: '/home'
}
GET /api/auth/kinde_callback?code=rXowwwnLTojL4tsN-wG4x9Aoh6ZFjLUCTm13Wy43C20._2kHGTWNREN0sv2LSzkMVpfEauiGFZPU0I6NnJD0mf4&scope=openid%20profile%20email%20offline&state=27dbbab936b496cb5c4f413131c1 500 in 316ms
GET /api/auth/login?post_login_redirect_url=/nextjs_original-stack-frame 307 in 7ms
GET /api/auth/login?post_login_redirect_url=/nextjs_original-stack-frame 307 in 13ms
GET /api/auth/login?post_login_redirect_url=/nextjs_original-stack-frame 307 in 14ms
GET /api/auth/login?post_login_redirect_url=/nextjs_original-stack-frame 307 in 13ms
url: http://localhost:3000/api/auth/kinde_callback?code=rXowwwnLTojL4tsN-wG4x9Aoh6ZFjLUCTm13Wy43C20._2kHGTWNREN0sv2LSzkMVpfEauiGFZPU0I6NnJD0mf4&scope=openid%20profile%20email%20offline&state=27dbbab936b496cb5c4f413131c1
Any luck?Hi,
Based on the error logs, it looks like the issue might be related to how the
post_login_redirect_url is being constructed when isReturnToCurrentPage: true is enabled. Specifically, the Invalid URL error suggests that the redirection logic may not be handling relative paths correctly.
Here are a few things you can try in the meantime:
1. Instead of relying on the default behavior, try manually constructing the redirect URL:
2. Ensure that your Kinde settings have the correct Allowed Callback URLs, Allowed Logout Redirect URLs, and Allowed Post-Login Redirect URLs. These should match the full URLs your app is using.
3. If your Next.js app has a custom basePath set in next.config.js, make sure it’s correctly considered in redirects.
4. As a debugging step, try manually setting the redirect in your login request without the middleware:
If this works, the issue is likely with how the middleware is processing the redirect.
Let me know if you still run into issues, and I can dig further into possible fixes.