authkit middleware not working on Next 14.2

[chamini2]

my middleware.ts is similar to

import { authkit } from "@workos-inc/authkit-nextjs";
import { NextFetchEvent, NextRequest, NextResponse } from "next/server";
import {
  CSRF_COOKIE_NAME
} from "./lib/csrf";

async function csrfMiddleware(request: NextRequest, response: NextResponse) {
  const signature = "...";
  response.cookies.set(CSRF_COOKIE_NAME, signature, {
    sameSite: "strict",
    httpOnly: true,
  });
  response.headers.set("X-Frame-Options", "SAMEORIGIN");
}

export async function middleware(request: NextRequest, event: NextFetchEvent) {
  // This method will automatically handle setting the cookie and refreshing the session
  const auth = await authkit(request, {
    debug: false,
  });

  // Headers need to be included in every non-redirect response to ensure that `withAuth` works as expected
  const response = NextResponse.next({
    headers: auth.headers,
  });

  await csrfMiddleware(request, response);

  return response;
}

export const config = {
  matcher: [
    "/",
    "/demos",
    "/demos/:path*",
  ],
};

[fierysolid]

Same issue

[chamini2]

seeing this with debug

Session invalid. Refreshing access token that ends in qrng4KCikQ
Failed to refresh. Deleting cookie. [Error: Cookies can only be modified in a Server Action or Route Handler. Read more: https://nextjs.org/docs/app/api-reference/functions/cookies#cookiessetname-value-options]

[chamini2]

only happens when refreshin

[chamini2]

this is happening for the non composable solution too for me

export default authkitMiddleware({ debug: true });

[PaulAsjes]

Hi all, I was able to recreate this. Will put up a fix later today.