next-auth: next-auth is not working with Next 12.2.3
Environment
System:
OS: Windows 10 10.0.22000
CPU: (8) x64 Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz
Memory: 2.23 GB / 15.94 GB
Binaries:
Node: 16.13.0 - ~\scoop\apps\nvm\current\nodejs\nodejs\node.EXE
Yarn: 1.22.19 - ~\scoop\apps\yarn\current\bin\yarn.CMD
npm: 8.1.0 - ~\scoop\apps\nvm\current\nodejs\nodejs\npm.CMD
Watchman: 20210110.135312.0 - C:\ProgramData\chocolatey\bin\watchman.EXE
Browsers:
Edge: Spartan (44.22000.120.0), Chromium (103.0.1264.62)
Internet Explorer: 11.0.22000.120
npmPackages:
next: latest => 12.2.3
next-auth: latest => 4.10.2
react: ^18.2.0 => 18.2.0
Reproduction URL
https://github.com/RafalFilipek/next-auth-bug
Describe the issue
After login, you get login page again. Cookies are set and everything looks good. But you can’t access your app. It works with 12.2.2 and below.
How to reproduce
- clone
https://github.com/RafalFilipek/next-auth-bug - setup any provider in
[...nextauth].ts - try to login
Expected behavior
Login process should work as expected.
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Reactions: 39
- Comments: 53 (9 by maintainers)
An update here, we’ve identified the issue in Next.js and are working on a fix. This should only affect local development, deployments to eg.: Vercel should work fine!
Update, a fix is coming to
nexthttps://github.com/vercel/next.js/pull/39450I debugged it into next auth code. The following error is thrown from jose:
and catched here and null is returned: https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/jwt/index.ts#L115`
No idea what changed in next that this happened. The error is thrown when the payload is decrypted. But the secret and derived encryption key are the same. The token that is sent from the client is the same as the one received on the server. So that is pretty strange.
Maybe the encryption is the problem? idk ^^
Upgrade to next latest 12.2.5 seem solve the problems.
version next and next-auth
code example
Adding
session: { strategy: "jwt" }inauthOptionsworked for me. Thank youI’m still running into this issue not matter what versions of either package I run; is it something that is cached in Vercel and I can’t get around? I’m at a loss now, this has been about 2 weeks of work trying everything I can to get it fixed and still not finding a workable solution.
Currently working for me, local & Vercel, with the following versions:
node.js:
16.16.0npm:8.11.0next:12.2.2- I downgraded from 12.2.3 because it was hitting the middleware and going straight back to login, throwing an infinite loop. next-auth:4.10.3nvm-windows:1.1.9- this isn’t required, but figured I’d mention it as it’s part of my local set up for switching between node versions.middleware.ts
I confirm that upgrading next (from 12.2.2, not working) to 12.2.5 fixes this issue.
I was using Twitter provider. Here’s my code if anyone’s interested or struggling 🧐:
./src/middleware.js:./src/pages/api/[...nextauth].tsv12.2.5-canary.2or newer should now include the fix. Please upgrade usingnpm i next@canaryor wait for thelatestrelease (likely soon). Closing as this is now fixed in Next.js and wasn’t a NextAuth.js issue to begin with. 👍Hmm. @ThangHuuVu might be right. I am able to reproduce this starting with
12.2.3-canary.17, so something might have happened in https://github.com/vercel/next.js/compare/v12.2.3-canary.16...v12.2.3-canary.17. I have a lead, so I’ll talk with the Next.js team to confirm if it’s a bug there, but I think it is very likely.@joaogarin it’s hard to say anything without a reproduction. If you think this issue is unrelated, I suggest opening a separate one with your repo to keep issues focused. 🙏
I’ve tested next@12.2.3 and can confirm this is an issue, not sure about the root cause though. @balazsorban44 maybe you could tell if this is an upstream issue?
I believe I ran into the same issue, downgrading to next 12.2.2 appears to have fixed my problem. When accessing the token in middleware.ts, the token was always null, even though console logs of the jwt callback showed the token as valid. And if you
return trueinside middleware, all auth functionality appears to work normally.Here is the middleware.ts I was using.
@thejessewinton I have the same problem. I 12.2.5, 12.2.2, a bunch of canaries. none of them seems to work
Next 12.2.0 next-auth 4.10.2 working in local but not in Vercel. token returns null
This is not working in next v13.1.6
Kind of off-topic, but I highly discourage using .env files, especially with prod secrets, in your files or repository.
After installing canary
v12.2.5-canary.2I’m getting the following errors in console. Also defined sign-in url in config doesn’t work, probably breaks next auth entirely. But everything still works fine with Next v12.2.2 : “next”: “^12.2.5-canary.2”, “next-auth”: “^4.10.3”, MacOS 12.5[…nextauth].ts file : Removing middleware file or mongodb adapter and JWT fields from config won’t make a difference. App is wrapped with SessionProvider
I am not sure, I have this issue with “next”: “^12.2.3”, “next-auth”: “^4.10.3”, on Linux
Works like a charm by downgrading next to “12.2.2”
dealt with the same issue running next v13.2.4
what fixed it was adding the following into my
authOptionsin[...nextauth].ts:session: { strategy: 'jwt', },credits to: https://stackoverflow.com/questions/75731964/next-auth-middleware-and-protected-folder/75732207#75732207
v12.2.5-canary.3resolves this issue for me, whilev12.2.5-canary.4has another problem that breaks next-authIf anyone interested in making sure this won’t happen in the future, it would be cool to add a cron job/ github action in our CI to ensure we discover issues like this early on, by running tests against the latest
canaryof Next.js once a day.Same here, I am new to nodeJS, next etc… I come from the Java world so I know what I am doing but I’ve been pulling my hair trying to resolve this and downgrading doesn’t solve the issue. I made a simple reproducer but nothing seems to work. Although the token is not null in the jwt callback of […nextauth].js
Same here : “next”: “^12.2.4”, “next-auth”: “^4.10.3”, MacOS 12.5
I’m having this issue on localhost. Token returns null. Downgrading next to 12.2.2 fixed it.
After I wasted my entire day yesterday because of this null token issue, I wanted to share my working solution in case it helps someone. It must be located on the same level with pages folder. NextJS removed support for using multiple middleware files (Next Auth documentation is outdated) , so everything must be handled in single middleware.ts :
I found the problem to be an injected polyfill of
TextDecoderthat always returns'', i didn’t manage to reproduce the error in a smaller repro thoThe bug is in Next.js edge runtime code, next auth cannot do anything to fix it
This issue seems to be exacerbated by using the wrong Node version. I had to downgrade to next 12.2.2 and make sure I’m using Node v14.
(This is for standalone deployments in docker)