Middleware redirect does not block authenticated users from /auth/* routes in App Router

[ayeshansari124]

Summary

I’m using Next.js App Router with Edge middleware and JWT-based auth.
I want to prevent authenticated users from accessing /auth/* pages
(login/register) and redirect them to their role-based dashboard.

Middleware does run and logs are printed, but the redirect is ignored
and the auth page still renders.

What I expect

If a valid auth cookie exists:

• /auth/admin-login → redirect to /admin/dashboard
• /auth/student-login → redirect to /student/dashboard

What actually happens

• Middleware logs show the route is hit
• NextResponse.redirect() is returned
• Browser still renders the auth page (200)

Additional information

Code (middleware)

`ts
export function middleware(req: NextRequest) {
  const token = req.cookies.get("token")?.value;
  const { pathname } = req.nextUrl;

  if (pathname.startsWith("/auth") && token) {
    const { role } = verifyToken(token);
    return NextResponse.redirect(
      new URL(
        role === "ADMIN"
          ? "/admin/dashboard"
          : "/student/dashboard",
        req.url
      )
    );
  }

  return NextResponse.next();
}

export const config = {
  matcher: ["/auth/:path*"],
};

Example

https://github.com/ayeshansari124/AcademIQ

[Tiimie1]

its because jsowebtoken library doesn't work in Edge Runtime. Replace jsonwebtoken with a library like jose (Edge-compatible JWT library).

Next.js middleware runs on Edge by default, but jsonwebtoken and it uses Node.js crypto APIs that aren't available there.

[ayeshansari124]

Thanks a lot! You were right that jsonwebtoken was the problem in Edge middleware. After switching to an Edge-compatible JWT library jose, redirects and role-based auth started working correctly. Really appreciate the help 🙏