Learning Tutrial Chapter 14, and "authorized" in callbacks config of auth.config.ts by using NextAuth is not triggered.

[gaomigithub]

My repo

Hello guys,

I am currently learning about Next course from offical site and doing Chapter#14 (Adding Authentication). Other features such as "login" and "signout" learned from C#14 work good.

When I am testing what I did by learning at Protecting your routes with Next.js Proxy

// auth.config.ts

import type { NextAuthConfig } from 'next-auth';
 
export const authConfig = {
  pages: {
    signIn: '/login',
  },
  callbacks: {
    authorized({ auth, request: { nextUrl } }) {
      const isLoggedIn = !!auth?.user;
      const isOnDashboard = nextUrl.pathname.startsWith('/dashboard');
      console.log('Is logged in:', isLoggedIn, 'Is on dashboard:', isOnDashboard)
      if (isOnDashboard) {
        if (isLoggedIn) return true;
        return false; // Redirect unauthenticated users to login page
      } else if (isLoggedIn) {
        return Response.redirect(new URL('/dashboard', nextUrl));
      }
      return true;
    },
  },
  providers: [], // Add providers with an empty array for now
} satisfies NextAuthConfig;

// proxy.ts

import NextAuth from 'next-auth';
import { authConfig } from './auth.config';
 
export default NextAuth(authConfig).auth;
 
export const config = {
  // https://nextjs.org/docs/app/api-reference/file-conventions/proxy#matcher
  matcher: ['/((?!api|_next/static|_next/image|.*\\.png$).*)'],
};

// package.json

{
  "private": true,
  "scripts": {
    "build": "next build",
    "dev": "next dev --turbopack",
    "start": "next start",
    "lint": "pnpm next lint"
  },
  "dependencies": {
    "@heroicons/react": "^2.2.0",
    "@tailwindcss/forms": "^0.5.10",
    "autoprefixer": "10.4.20",
    "bcrypt": "^5.1.1",
    "clsx": "^2.1.1",
    "next": "15.2.3",
    "next-auth": "5.0.0-beta.30",
    "postcss": "8.5.1",
    "postgres": "^3.4.6",
    "react": "latest",
    "react-dom": "latest",
    "tailwindcss": "3.4.17",
    "use-debounce": "^10.0.4",
    "zod": "^3.25.17"
  },
  "devDependencies": {
    "@next/eslint-plugin-next": "^16.0.1",
    "@types/bcrypt": "^5.0.2",
    "@types/node": "22.10.7",
    "@types/react": "19.0.7",
    "@types/react-dom": "19.0.3",
    "@typescript-eslint/eslint-plugin": "^8.46.3",
    "@typescript-eslint/parser": "^8.46.3",
    "eslint": "^9.39.1",
    "eslint-config-next": "^15.2.3",
    "typescript": "5.7.3"
  },
  "pnpm": {
    "onlyBuiltDependencies": [
      "bcrypt",
      "sharp"
    ]
  }
}

This feels like nothing happened. I still can direct to any URL and not being redirected to login page.

Tried some search on Google and AI but they all tell me I did correct and should be work.... Also, I can not find the log I left inside authorized. I am really confused right now.

I pushed my codes wrote in this Chapter with commit name: "Chapter 14: Adding Authentication; todo: something wrong with authConfig".

Please give me any hint you find.
Thank you soooo much!!!

[Exp1ry]

@gaomigithub It seems like you've gotten the auth.config.ts mixed up with the Middleware.

The setup you showed is incorrect.

First of all, the callbacks object is a set of methods (authorize(), jwt(), session()) that are designed to act as a callback function for when the actual functions are invoked.

For example, you have page access logic inside the authorize() callback. This callback only runs once, and only when a user signs in. This means that if I refresh the site, of course it wont run as the user already has a cookie.

Furthermore, you will need to setup the actual authorize() function that handles the signIn() logic. ==>

All access / permission related logic should be put in the middleware.ts file, as it runs on every request.