How to apply/trigger Deployment Protection only for Preview Deployments?
I have a project deployed that uses a free tier API with limited calls per day and I have currently disabled it during production.
I set up NextAuth via GitHub and would be able to protect one domain - my production domain with that.
I am currently using that only in my local dev environment and you have to successfully login with a GitHub account or credentials.
I applied Deployment Protection in my project settings through the dashboard, as documentation advises no other changes within the code for it to apply only to the Preview Deployments, but even with documentation I am not certain that I understand it correctly.
I set it to “Only Preview Deployments” but both Preview Deployments are still publicly accessible (tested by opening them in a private browser)
Okay, so that worked
But somehow in a different way than I expected.
It was not the way that I was expecting.
After redeployment all three URLs are now covered by my GitHub NextAuth/credentials setup - I logged in with the credentials I created for this and it looks nothing like the Deployment Protection screenshots in the documentation - no “request access” or anything
I disabled the Deployment Protection just to make sure - and yes, this was not the Deployment Protection layer, it is my NextAuth implementation.
Now I am even more confused because I want to learn how to apply the protection - also I don’t know why my NextAuth OAuth application settings are covering the Deployment URLs because the homepage URL is currently still set to the default: http://localhost:3000
My project is now currently protected, but I don’t understand why
request access option will only appear if the user is already logged in to Vercel dashboard and not part of your Vercel team where the deployment currently belongs to. You can open the URL on Incognito to test it. Once you login, it will redirect to Login – Vercel page so you can login. If you don’t belong to that specific team, it will ask to request access.
would be helpful to put in the official documentation, because it mentions none of this. I will test it with another user, but now it appears I still don’t understand how my NextAuthentication with OAuth via GitHub and credentials suddenly extends beyond my localhost:3000 to all three deployments
yes, this is the link to the Deployment Protection
It does not mention when to expect the “request access” to show up - maybe more experienced developers will know that you have to be logged in and not already be part of the team but as a layman I would have spent more time trying to figure out why it is not showing
I will prepare a screencast for the NextAuth implementation in a new topic, thanks