workos · PaulAsjes · Nov 11, 2024 · Nov 6, 2024 · Nov 6, 2024
diff --git a/README.md b/README.md
@@ -80,6 +80,13 @@ You can also control the pathname the user will be sent to after signing-in by p
 export const GET = handleAuth({ returnPathname: '/dashboard' });
 ```
 
+`handleAuth` can be used with several options.
+
+| Option           | Default     | Description                                                                                                                                                                                           |
+| ---------------- | ----------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `returnPathname` | `/`         | The pathname to redirect the user to after signing in                                                                                                                                                 |
+| `baseURL`        | `undefined` | The base URL to use for the redirect URI instead of the one in the request. Useful if the app is being run in a container like docker where the hostname can be different from the one in the request |
+
 ### Middleware
 
 This library relies on [Next.js middleware](https://nextjs.org/docs/app/building-your-application/routing/middleware) to provide session management for routes. Put the following in your `middleware.ts` file in the root of your project:
@@ -94,6 +101,14 @@ export default authkitMiddleware();
 export const config = { matcher: ['/', '/admin'] };
 ```
 
+The middleware can be configured with several options.
+
+| Option           | Default     | Description                                                                                            |
+| ---------------- | ----------- | ------------------------------------------------------------------------------------------------------ |
+| `redirectUri`    | `undefined` | Used in cases where you need your redirect URI to be set dynamically (e.g. Vercel preview deployments) |
+| `middlewareAuth` | `undefined` | Used to configure middleware auth options. See [middleware auth](#middleware-auth) for more details.   |
+| `debug`          | `false`     | Enables debug logs.                                                                                    |
+
 #### Custom redirect URI
 
 In cases where you need your redirect URI to be set dynamically (e.g. Vercel preview deployments), use the `redirectUri` option in `authkitMiddleware`:
@@ -282,16 +297,6 @@ Use the `refreshSession` method in a server action or route handler to fetch the
 
 The `organizationId` parameter can be passed to `refreshSession` in order to switch the session to a different organization. If the current session is not authorized for the next organization, an appropriate [authentication error](https://workos.com/docs/reference/user-management/authentication-errors) will be returned.
 
-### Debugging
-
-To enable debug logs, initialize the middleware with the debug flag enabled.
-
-```js
-import { authkitMiddleware } from '@workos-inc/authkit-nextjs';
-
-export default authkitMiddleware({ debug: true });
-```
-
 ### Troubleshooting
 
 #### NEXT_REDIRECT error when using try/catch blocks

diff --git a/src/authkit-callback-route.ts b/src/authkit-callback-route.ts
@@ -7,7 +7,16 @@ import { getCookieOptions } from './cookie.js';
 import { HandleAuthOptions } from './interfaces.js';
 
 export function handleAuth(options: HandleAuthOptions = {}) {
-  const { returnPathname: returnPathnameOption = '/' } = options;
+  const { returnPathname: returnPathnameOption = '/', baseURL } = options;
+
+  // Throw early if baseURL is provided but invalid
+  if (baseURL) {
+    try {
+      new URL(baseURL);
+    } catch (error) {
+      throw new Error(`Invalid baseURL: ${baseURL}`, { cause: error });
+    }
+  }
 
   return async function GET(request: NextRequest) {
     const code = request.nextUrl.searchParams.get('code');
@@ -22,7 +31,10 @@ export function handleAuth(options: HandleAuthOptions = {}) {
           code,
         });
 
-        const url = request.nextUrl.clone();
+        // If baseURL is provided, use it instead of request.nextUrl
+        // This is useful if the app is being run in a container like docker where
+        // the hostname can be different from the one in the request
+        const url = baseURL ? new URL(baseURL) : request.nextUrl.clone();
 
         // Cleanup params
         url.searchParams.delete('code');

diff --git a/src/interfaces.ts b/src/interfaces.ts
@@ -2,6 +2,7 @@ import { User } from '@workos-inc/node';
 
 export interface HandleAuthOptions {
   returnPathname?: string;
+  baseURL?: string;
 }
 
 export interface Impersonator {