Next-auth downloading files on sign in
James posted this in #help-forum
James (OP)
Hi Everyone,
I have a client who's been happily using an app I wrote that uses Next-Auth for several months. We recently sent them updated source code after we made some changes to the code so they could build/deploy locally (they INSIST on doing it this way).
Today, I got an email saying that their security team is blocking it because it calls next-auth-js.org to download a bunch of files when someone tries to log in. I can't replicate this behavior locally, but my client thinks I have the files cached locally. I used private mode on my browser and didn't see the downloads happening.
Does anyone know why these are downloading and how I can stop it? My client suggested that I download the files and then update the app to use the local versions, but frankly, I'm not sure how I would do that.
Any other suggestions would be greatly appreciated. Thanks!
4 Replies
Toyger
Ask the client to provide a breakdown of these requests, because by default next-auth doesn't make any external requests. More likely they just misunderstood some local requests.
James (OP)
Here are the calls they are seeing go out over the API: authjs.dev/img/providers/azure.svg
telemetry.nextjs.org/
next-auth.js.org/assets/js/9acd8749.c1f7cbfc.js
next-auth.js.org/assets/js/935f2afb.c6843443.js
next-auth.js.org/assets/js/1be78505.44100ec2.js
next-auth.js.org/assets/js/c4f5d8e4.5147ac38.js
next-auth.js.org/assets/js/17896441.405cb2cc.js
next-auth.js.org/assets/js/6d790c2a.8cebd7fe.js
next-auth.js.org/assets/js/8f412c95.f061c4f0.js
next-auth.js.org/assets/js/db32d859.e611fb9c.js
next-auth.js.org/assets/js/9ff4038f.400dcfe1.js
next-auth.js.org/assets/js/4db8806d.62b11c1b.js
next-auth.js.org/assets/js/0480b142.01fd7050.js
next-auth.js.org/assets/js/c9a85fe8.543707ce.js
next-auth.js.org/assets/js/4903.d744ffb4.js
next-auth.js.org/assets/js/main.f6e62510.js
next-auth.js.org/assets/css/styles.2ef09c4b.css
next-auth.js.org/img/logo/logo-xs.png
next-auth.js.org/assets/js/runtime~main.9fe93833.js
next-auth.js.org/faq
next-auth.js.org/assets/js/7f8bfb21.c24c84cc.js
next-auth.js.org/assets/js/4fa222ed.dcb72e1b.js
next-auth.js.org/assets/js/55136eaa.3f6628c2.js
next-auth.js.org/assets/js/f1f3f6b8.cc27d3c0.js
next-auth.js.org/assets/js/0b1c216b.ec9c8526.js
next-auth.js.org/assets/js/225d76ed.d71f9a18.js
We're not seeing this on our end, and they had to "yarn install" on their end. As simple as this is, it wouldn't shock me to find out they did something wrong...
Toyger
telemetry.nextjs.org/ - this one is Next.js telemetry and can be disabled: https://nextjs.org/telemetry
`next-auth.js.org/img/logo/logo-xs.png`, `authjs.dev/img/providers/azure.svg` - these ones can be loaded from external domains; they're provider icons.
But most of these files are from the `next-auth.js.org` domain itself, like the main page of its domain, and they don't make sense, because next-auth doesn't have any telemetry or hidden iframes.
They should also describe the situation when these requests are happening, or ideally provide a video of where they catch them.
James (OP)
So, it turns out that the non-telemetry endpoints were NOT from the app; it was user traffic. The security guy got a little too "aggressive" in what he sent. For some reason, the telemetry endpoints were reported to them as "potential Phishing threats" but they didn't have any more information as to why. They turned off the telemetry and everything is fine. Thanks for your help!
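Added example (not posted by anyone in the thread): one way to triage a captured URL list like the one above, grouping requests by host and flagging hosts whose mix of an HTML page, scripts and a stylesheet looks like a person browsing a website rather than a call made by the app. The classification rules and labels are assumptions made for illustration; `SAMPLE` is a subset of the URLs quoted in the thread.

```javascript
// Subset of the URLs quoted in the thread (scheme omitted, as in the report).
const SAMPLE = [
  "authjs.dev/img/providers/azure.svg",
  "telemetry.nextjs.org/",
  "next-auth.js.org/faq",
  "next-auth.js.org/assets/js/main.f6e62510.js",
  "next-auth.js.org/assets/js/runtime~main.9fe93833.js",
  "next-auth.js.org/assets/css/styles.2ef09c4b.css",
  "next-auth.js.org/img/logo/logo-xs.png",
];

// Classify a request path by what a browser would be fetching.
function kindOf(pathname) {
  if (/\.js$/i.test(pathname)) return "script";
  if (/\.css$/i.test(pathname)) return "style";
  if (/\.(png|svg|jpe?g|gif|ico)$/i.test(pathname)) return "image";
  return "page"; // no static-asset extension: HTML document or API endpoint
}

// Group requests by host and label each host (heuristic labels, assumed here).
function triage(lines) {
  const hosts = new Map();
  for (const line of lines) {
    const raw = line.trim();
    if (!raw) continue;
    // Proxy exports often drop the scheme; add one so URL() can parse the host.
    const url = new URL(/^https?:\/\//i.test(raw) ? raw : `https://${raw}`);
    const counts = hosts.get(url.hostname) ?? { page: 0, script: 0, style: 0, image: 0 };
    counts[kindOf(url.pathname)] += 1;
    hosts.set(url.hostname, counts);
  }
  const report = {};
  for (const [host, c] of hosts) {
    if (c.page > 0 && c.script > 0 && c.style > 0) {
      // A document plus its JS bundles and stylesheet: someone opened the site.
      report[host] = "browser page load";
    } else if (c.page === 0 && c.script === 0 && c.image > 0) {
      report[host] = "static images only";
    } else {
      // e.g. a bare endpoint with no assets: trace it to the component that calls it.
      report[host] = "needs review";
    }
  }
  return report;
}

console.log(triage(SAMPLE));
```
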