I found this workaround after a lot of fighting... //middleware.ts import { withAuth } from "@kinde-oss/kinde-auth-nextjs/middleware"; import { NextFetchEvent, NextResponse, type NextRequest } from "next/server"; export default function createDynamicAuthMiddleware( request: NextRequest, event: NextFetchEvent, ) { const forwardedHost = request.headers.get("x-forwarded-host") ?? request.headers.get("x-original-host") ?? request.headers.get("host") ?? request.nextUrl.hostname; const proto = request.headers.get("x-forwarded-proto") ?? request.nextUrl.protocol.replace(":", ""); const origin = `${proto}://${forwardedHost}`; const options = { isReturnToCurrentPage: true, loginPage: "/login", redirectURLBase: origin, publicPaths: ["/forbidden"], }; const middlewareFunction = ( req: NextRequest & { kindeAuth: { user: any; token: string } }, ) => { //in the future, do stuff here return NextResponse.next(); }; const authMiddleware = withAuth(middlewareFunction, options); if (typeof authMiddleware === "function") { const result = authMiddleware(request, event); return result; } else { return authMiddleware; } } export const config = { matcher: [ "/((?!_next|api|login|[^?]*\\.(?:html?|css|js(?!on)|jpe?g|webp|png|gif|svg|ttf|woff2?|ico|csv|docx?|xlsx?|zip|webmanifest)).*)", ], }; //route.ts import { handleAuth } from "@kinde-oss/kinde-auth-nextjs/server"; import { NextRequest } from "next/server"; export const GET = ( request: NextRequest, ctx: { params: Promise<{ kindeAuth: string }> }, ) => { const host = request.headers.get("x-forwarded-host") ?? request.headers.get("host") ?? request.nextUrl.hostname; const protocol = request.headers.get("x-forwarded-proto") ?? request.nextUrl.protocol.replace(":", ""); const origin = `${protocol}://${host}`; const config = { siteUrl: origin, postLoginRedirectUrl: `${origin}`, postLogoutRedirectUrl: `${origin}/login`, }; return handleAuth(undefined, undefined, { config })(request, ctx); };