How to use Netlify Identity with Edge Functions (SvelteKit)

Adam_Jakab · September 15, 2022, 9:44pm

Hi

I was wondering if it would be possible to use Netlify identity alongside of deploying an edge function with a catch-all pattern matching. I’m using SvelteKit with the netlify adapter that generates this manifest for the edge function.

// manifest.json
{
	"functions": [
		{
			"function": "render",
			"pattern": "^/.*$"
		}
	],
	"version": 1
}

Issue is that this also catches Netlify’s internal endpoints such as /.netlify/identity. Would there be a way to work around this? My understanding is that lookarounds are not supported in the pattern. I use netlify identity widget, which does have an optional APIUrl that I could change to something else, not sure to what exactly.

Many thanks!

hrishikesh · September 18, 2022, 1:27pm

Hi @Adam_Jakab,

I believe a temporary workaround would be to separate the use Identity on a different site and use that as the APIUrl.

However, if SvelteKit is not calling next() or something else inside the Edge Function that would allow Netlify to take over the remaining routing to let Netlify Handle the rest of the routing (in your case, routing of /.netlify/identity), I’d assume this is a bug with SvelteKit.

benmccann · January 29, 2023, 6:20pm

SvelteKit will handle all requests so that it can render the 404 page as needed. SvelteKit would not be able to render the user’s 404 page when needed if it was calling next() I’m not familiar with Netlify Identity, but I would assume it should occur before the SvelteKit handlers. This doesn’t sound like a bug in SvelteKit from the description you’ve provided.

hrishikesh · January 29, 2023, 8:17pm

It should allow Netlify internal paths to be bypassed by calling next(). .netlify/identity doesn’t need user’s 404, that should be directly passed to Netlify to handle using next().

I’d still say SvelteKit should be handling this, and not Netlify.

Unfortunately, that’s not the case. Edge Functions are meant to be used in front of all routes, users could want to protect the Identity endpoints, so the only way to bypass it is to call next() from within the function. I think, as a user you might be able to do this, but it would be better for a library or framework to handle it automatically.