next-auth: CredentialsProvider authorize function returns status 200 and response ok when Error is thrown

Provider type

Credentials

Environment

System: OS: Windows 10 10.0.22621 CPU: (12) x64 Intel® Core™ i7-10750H CPU @ 2.60GHz Memory: 6.52 GB / 15.75 GB Binaries: Node: 18.16.0 - C:\Program Files\nodejs\node.EXE npm: 9.5.1 - C:\Program Files\nodejs\npm.CMD Browsers: Edge: Spartan (44.22621.1702.0), Chromium (113.0.1774.50) Internet Explorer: 11.0.22621.1

Reproduction URL

no-repo-easy-to-reproduce

Describe the issue

When throwing Error inside authorize method the response is 200 (which presents success).

How to reproduce

app\api\auth\[…nextauth]\route.ts file

import NextAuth from "next-auth/next";
import CredentialsProvider from "next-auth/providers/credentials";

const providers = [
  CredentialsProvider({
    credentials: {
      email: { label: "Email", type: "text" },
      password: { label: "Password", type: "password" },
    },
    async authorize(credentials) {
      // Throw error to test the response
      throw new Error("This is error message.");
      
      // Do login stuff and return user object...
      return null;
    },
  }),
];

export { handler as GET, handler as POST };

This is reponse:

{
    "error": "This is error message.",
    "status": 200,
    "ok": true,
    "url": null
}

Expected behavior

To get response with error status code. Even though it contains error param, status code should be the one which represents an error, instead of success status code.

About this issue

  • Original URL
  • State: closed
  • Created a year ago
  • Reactions: 23
  • Comments: 30 (2 by maintainers)

Most upvoted comments

Why has no one taken a look at this issue yet, it’s been open since about 3 months???

+9
mustansirgodhrawala on Oct 1, 2023

I am getting the same error whether my login details correct or not image

+2
Maclinz on Oct 1, 2023

I’m having the issue D:

TRICK: verifying the error attribute in the signIn response if its null the login was done successful

This is actually the easiest way to get around this issue until the fix has been released.

The error object can be populated with “SessionRequired” and other things, even though it returns 200 as well. So don’t forget to check the error to handle specific cases.

return await signIn('credentials', {
      username: username,
      password: password,
      redirect: false, // Using custom auth flow
    }).then(res => {
      if (res?.error === null) {
        // Handle successful login
      } else {
        // Handle error
      }
    });
+2
mprync on Jul 27, 2023

Still same errorr i think it’s bad idea using nextauth with app router

+2
serkancagman on Oct 2, 2023

Having the exact same issue.

+2
BerenBoden on Oct 2, 2023

I tried everything, nothing works to make it return the right response when an Error is thrown.

+2
allysontsoares on Oct 2, 2023

having the same error with both next auth generated and custom login page

+2
Ferraresir on Oct 2, 2023

Was implementing a custom login page and having this exact error 👍 this bug happen only when using Route Handler.

getting the same error with the same implementation of a custom login page and route handler

+2
cdennis121 on Oct 2, 2023

I’m having the issue D: TRICK: verifying the error attribute in the signIn response if its null the login was done successful

This is actually the easiest way to get around this issue until the fix has been released.

return await signIn('credentials', {
      username: username,
      password: password,
      redirect: false, // Using custom auth flow
    }).then(res => {
      if (res?.error === null) {
        // Handle successful login
      } else {
        // Handle error
      }
    });

May I ask where to put this code? Should it be placed into the CredentialsProvider or in my POST request?

This code is calling next-auth signIn directly, so this will be called from the client UI.

I checked the docs and it’s kinda funny that this one seems to work perfectly. Thanks for sharing it! 😃

EDIT:

Just a quick reminder - you’ll always get the response using await so no need to use .then().

    // @see https://github.com/nextauthjs/next-auth/issues/7725#issuecomment-1649310412
    const res = await signIn('credentials', {
      email,
      password,
      redirect: false,
    });

    if (res?.error) {
      console.error(res.error);
      return;
    }

  // handle successful login
+1
necm1 on Jul 27, 2023

I’m having the issue D: TRICK: verifying the error attribute in the signIn response if its null the login was done successful

This is actually the easiest way to get around this issue until the fix has been released.

return await signIn('credentials', {
      username: username,
      password: password,
      redirect: false, // Using custom auth flow
    }).then(res => {
      if (res?.error === null) {
        // Handle successful login
      } else {
        // Handle error
      }
    });

May I ask where to put this code? Should it be placed into the CredentialsProvider or in my POST request?

This code is calling next-auth signIn directly, so this will be called from the client UI.

+1
mprync on Jul 27, 2023

I’m having the issue D:

TRICK: verifying the error attribute in the signIn response if its null the login was done successful

+1
edilson258 on Jul 15, 2023

Actually, I check both the error and response status as a workaround now.

+1
wzpfish on Jun 25, 2023

+1, now I can only check if error message exists…

+1
wzpfish on Oct 2, 2023

Was implementing a custom login page and having this exact error 👍 this bug happen only when using Route Handler.

+1
WeissAzura on Jun 4, 2023
Read more comments on GitHub
← next-auth: Crash on AWS Amplify build: "Building SSR... can't find mongodb"
next-auth: Crendtials provider with redirect:false - next-auth/react signIn returns status:200 ok:true with failed authentication. →