next-auth: @auth/core@{0.22.0 / 0.23.0 / 0.24.0} breaking custom OAuth provider
Provider type
Custom provider
Environment
Dependecies: “next”: “^14.0.4” “react”: “18.2.0” “next-auth”: “5.0.0-beta.5” “@auth/core”: “0.23.0” System: OS: macOS 14.3 CPU: (8) arm64 Apple M1 Pro Memory: 76.13 MB / 16.00 GB Shell: 5.9 - /bin/zsh Binaries: Node: 20.11.0 - ~/.nvm/versions/node/v20.11.0/bin/node npm: 10.2.4 - ~/.nvm/versions/node/v20.11.0/bin/npm pnpm: 8.14.3 - ~/.nvm/versions/node/v20.11.0/bin/pnpm bun: 1.0.25 - ~/.bun/bin/bun Browsers: Brave Browser: 120.1.61.120 Chrome: 121.0.6167.85 Safari: 17.3
Reproduction URL
https://github.com/digoburigo/nextjs-auth-custom-oauth
Describe the issue
I have this strategy in my NextAuth config
providers: [
{
id: "foo",
name: "foo",
type: "oidc",
wellKnown: `http://localhost:3002/.well-known/openid-configuration/`,
issuer: `http://localhost:3002`,
userinfo: `http://localhost:3002/userinfo/`,
jwks_endpoint: `http://localhost:3002/.well-known/jwks.json`,
token: `http://localhost:3002/token/`,
authorization: {
url: `http://localhost:3002/authorize/`,
params: { scope: "openid profile email" },
},
profile(profile, tokens) {
console.log(`tokens:`, tokens);
console.log(`profile:`, profile);
return profile;
},
clientId: "foo",
clientSecret: "bar",
} satisfies OIDCConfig<Profile>,
],
There is no need to test if login is working because error happens before this flow anyways.
version 0.21.0 working properly:
@acme/nextjs:dev: session: null
versions after 0.21.0 (0.22.0 / 0.23.0 / 0.24.0 at the moment) error occurs:
@acme/nextjs:dev: [auth][error] UnknownAction: Cannot parse action at //session .Read more at https://errors.authjs.dev#unknownaction
@acme/nextjs:dev: at parseActionAndProviderId (webpack-internal:///(rsc)/../../node_modules/@auth/core/lib/utils/web.js:98:27)
@acme/nextjs:dev: at toInternalRequest (webpack-internal:///(rsc)/../../node_modules/@auth/core/lib/utils/web.js:40:40)
@acme/nextjs:dev: at Auth (webpack-internal:///(rsc)/../../node_modules/@auth/core/index.js:75:103)
@acme/nextjs:dev: at getSession (webpack-internal:///(rsc)/../../node_modules/next-auth/lib/index.js:20:60)
@acme/nextjs:dev: at eval (webpack-internal:///(rsc)/../../node_modules/next-auth/lib/index.js:94:20)
@acme/nextjs:dev: at AuthShowcase (webpack-internal:///(rsc)/./src/app/_components/auth-showcase.tsx:18:75)
@acme/nextjs:dev: at attemptResolveElement (webpack-internal:///(rsc)/../../node_modules/next/dist/compiled/react-server-dom-webpack/cjs/react-server-dom-webpack-server.edge.development.js:1451:30)
@acme/nextjs:dev: at resolveModelToJSON (webpack-internal:///(rsc)/../../node_modules/next/dist/compiled/react-server-dom-webpack/cjs/react-server-dom-webpack-server.edge.development.js:1754:41)
@acme/nextjs:dev: at Array.toJSON (webpack-internal:///(rsc)/../../node_modules/next/dist/compiled/react-server-dom-webpack/cjs/react-server-dom-webpack-server.edge.development.js:1293:28)
@acme/nextjs:dev: at stringify (<anonymous>)
@acme/nextjs:dev: session: Error: This action with HTTP GET is not supported.
How to reproduce
There is the README.md on the github repo mentioned above on how to reproduce the error.
Expected behavior
I expect that the behavior is similar to 0.21.0 or if there is some undocumented breaking change that I need to know about.
About this issue
- Original URL
- State: closed
- Created 5 months ago
- Comments: 24 (6 by maintainers)
Commits related to this issue
- fix: fixed a bug that had next auth not work due to a AUTH_URL being set. https://github.com/nextauthjs/next-auth/issues/9819 — committed to JuanRamirez2000/RoadtripMusic by JuanRamirez2000 5 months ago
- fix: able to use AUTH_URL as per workarounds in this issue: https://github.com/nextauthjs/next-auth/issues/9819 — committed to case-framework/case-admin by phev8 3 months ago
@balazsorban44 I found out how to make it work for now. You have to set both
basePathto/api/authandAUTH_URLtohttp://localhost:3000/api/authThe issue is unrelated to what you are describing:
https://github.com/digoburigo/nextjs-auth-custom-oauth/blob/9132b314df5e562e2569050ad8ce9f1cfedf7cf3/.env.example#L13-L14
Just remove this, and all should be good! You linked to the old docs, new Auth.js libs very rarely need
AUTH_URLanymore (not even NextAuth.js v4 to be honest)Was discovered here: https://github.com/nextauthjs/next-auth/pull/9758#issuecomment-1908871938
I just had this same issue and deleting my
NEXTAUTH_URLenvironment variable and either settingbaseUrlor letting it default fixed it for meThis does work for me? If you running the server please restart the server to apply the changes; Changes: in .env file
AUTH_URL="http://localhost:3000/api/auth"in auth.js
basePath:'/api/auth'Having the same problem using 5.0.0-beta.11, I have both AUTH_URL and NEXT_PUBLIC_APP_URL due to running behind a proxy, using the standard base path. How would I solve this ?
[auth][error] UnknownAction: Cannot parse action at /session .Read more at https://errors.authjs.dev#unknownaction at parseActionAndProviderId (webpack-internal:///(rsc)/./node_modules/@auth/core/lib/utils/web.js:102:15) at toInternalRequest (webpack-internal:///(rsc)/./node_modules/@auth/core/lib/utils/web.js:35:40) at Auth (webpack-internal:///(rsc)/./node_modules/@auth/core/index.js:84:103) at getSession (webpack-internal:///(rsc)/./node_modules/next-auth/lib/index.js:20:60) at eval (webpack-internal:///(rsc)/./node_modules/next-auth/lib/index.js:93:20) at HomePage (webpack-internal:///(rsc)/./app/page.tsx:15:69)thanks @digoburigo, by setting
AUTH_URLtohttps://foobar.com/api/authand settingbasePath: '/api/auth'finally made it work in production. I just stood up and gave you a standing ovation. 👏👏The basePath / AUTH_URL issues should be fixed with the latest next-auth release (
5.0.0-beta.16).Let us know if you’re still having issues 👍
I have the same issue with setting the AUTH_URL. I will like to use docker to deploy the next.js project so I have to set AUTH_URL to prevent next-auth redirecting to http://0.0.0.0:3000 as host.
My environment: Dependencies
next: 14.1.1-canary.61next-auth: 5.0.0-beta.11 System:The issues only occurred when I try to protect my page behind server side auth() in
'use server'page.tsxI made a minimal error reproduction to show the error message when accessing
http://localhost:3000/error-pagehttps://github.com/tntchn/next-auth-sample-project/tree/unknown-action Page without server await auth() work normally as usualHey yeah so if I were you I wouldn’t include the api folder in the language wrapping. You don’t want to translate api routes, right?
I precisely had this problem with nextjs v14.1.0 when starting production using next-auth in its version ^5.0.0-beta.13 error: [auth][error] UnknownAction: Cannot parse action in /session. Read more at https://errors.authjs.dev#unknownaction
I managed to solve it by correctly adding the .env environment variable
AUTH_URL=http://localhost:3000/api/auth and ready to compile and put my web project into production
I think we actually just added tests for docker! cc @ndom91
With these latest changes I guess everything it’s working now. I updated the reproduction repo and it’s working. Feel free to close this issue I guess. Thanks for the effort!
@balazsorban44 removing the
AUTH_URLfrom.envdid not resolve the issue. Did you try to run the project to see at least? Do I have to configure something else? even withbasePath: "/api/auth"still tries to make aGETrequest to//session