The signOut method in auth.ts does not delete cookies set with a custom domain. This enables custom domain cookies to be deleted by checking if a custom domain has been set for the cookie. If so, it adds the custom domain to the keys that Nextjs' ResponseCookie's delete method matches against, now finding the cookie and deleting it. (#116)

KNWR · web-flow · commit 7fa52f555fda · 2024-10-21T10:26:15.000+02:00
diff --git a/src/auth.ts b/src/auth.ts
@@ -3,7 +3,7 @@
 import { getAuthorizationUrl } from './get-authorization-url.js';
 import { cookies } from 'next/headers';
 import { terminateSession } from './session.js';
-import { WORKOS_COOKIE_NAME } from './env-variables.js';
+import { WORKOS_COOKIE_NAME, WORKOS_COOKIE_DOMAIN } from './env-variables.js';
 
 async function getSignInUrl({ organizationId }: { organizationId?: string } = {}) {
   return getAuthorizationUrl({ organizationId, screenHint: 'sign-in' });
@@ -14,8 +14,11 @@ async function getSignUpUrl() {
 }
 
 async function signOut() {
-  const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
-  cookies().delete(cookieName);
+  const cookie: { name: string; domain?: string } = {
+    name: WORKOS_COOKIE_NAME || 'wos-session',
+  };
+  if (WORKOS_COOKIE_DOMAIN) cookie.domain = WORKOS_COOKIE_DOMAIN;
+  cookies().delete(cookie);
   await terminateSession();
 }
 
