@auth0/nextjs-auth0 - v4.17.0
    Preparing search index...

    Type Alias DomainResolver

    DomainResolver: (
        config: { headers: Headers; url?: URL },
    ) => Promise<string> | string

    Resolves the Auth0 domain from request context. Called once per SDK operation in resolver mode.

    Supports both synchronous and asynchronous resolution patterns.

    Type Declaration

      • (config: { headers: Headers; url?: URL }): Promise<string> | string

      • Parameters

        • config: { headers: Headers; url?: URL }
          • headers: Headers

            Request headers from the current context. In App Router Server Components / Server Actions: obtained via headers() from next/headers. In Middleware / Route Handlers: extracted from NextRequest. In Pages Router (getServerSideProps, API Routes): extracted from IncomingMessage.

          • Optionalurl?: URL

            The request URL, when available. In Middleware / Route Handlers: the full NextRequest.nextUrl (includes pathname, search params). In Pages Router: constructed from IncomingMessage.url + Host header. In App Router Server Components / Server Actions: undefined (no request object exists). Use this for B2B multi-tenant routing where the application hostname determines the Auth0 domain.

        Returns Promise<string> | string

        The Auth0 custom domain hostname (e.g., "auth.brand1.com"). Can be returned synchronously or as a Promise. Must throw on resolution failure — the SDK wraps thrown errors in DomainResolutionError.

    The resolver is responsible for preventing Host Header injection attacks. The SDK validates the resolver's output via normalizeDomain (hostname format validation), but input validation and SSRF prevention are the customer's responsibility.

    // Header-based routing (B2C multi-brand)
    const auth0 = new Auth0Client({
      domain: ({ headers }) => {
        const host = headers.get("host") ?? "";
        if (host.startsWith("brand1.")) return "auth.brand1.com";
        if (host.startsWith("brand2.")) return "auth.brand2.com";
        return "auth.default.com";
      }
    });

    // Database lookup (B2B SaaS)
    const auth0 = new Auth0Client({
      domain: async ({ headers }) => {
        const tenantId = headers.get("x-tenant-id");
        const domain = await db.getAuth0Domain(tenantId);
        if (!domain) throw new Error(`Unknown tenant: ${tenantId}`);
        return domain;
      }
    });

    @public

    Settings

    Member Visibility