nuxt-auth: NextAuth >= v4.23.0 Breaking change: - Package subpath './core' is not defined by "exports"

Exact same problem here. My workaround also was to pin next-auth, but the version I have used is from the nuxt-auth docs: next-auth@4.21.1.

So nuxt-auth docs said that we should use next-auth@4.21.1 I did that… but your solution sounds better.

Hi everyone.

Thank you for regularly checking into this issue! However, this problem will sadly not be reverted or fixed by itself. After some investigation, @BracketJohn and I have identified how we need to rewrite NuxtAuth to be compatible with NextAuth’s new system architecture.
They have done this restructuring in preparation for the release of authjs, meaning that we would need to update how we integrate with their package.

Once we have done this upgrade, we will not be compatible with NextAuth versions under 4.23. We are continuing to look into how we can best integrate the newer versions of NextAuth, without making any major code changes in our module, to ensure for a smooth transfer.

@zoey-kaiser is there a timeline for the upgrade? Would the upgrade cause major backwards incompatible changes In the way Nuxt Auth is used?

Sadly we are kind of stuck between two (non optional) solutions here.

1.) NextAuth was updated to partially use the new authjs infrastructure, which is why the breaking change happened. Rewriting our module to use their new architecture, would be a good amount of work and would need to be repeated once authjs is completely out (as we can then remove NextAuth completely) 2.) Switch to authjs under the hood, removing NextAuth completely. The issue with this, is that authjs, is still in “experimental” and is missing some features, we are still waiting for (see #117)

Also, as a sidenote, when having next-auth@4.21.1 installed, I’m getting the following vulnerability warning:

The good news about this: It does not matter for NuxtAuth. The vulnerability has to do with the middleware provided by NextAuth. As we provide our own middleware and do not use theirs, this vulnerability does not apply to NuxtAuth!

See https://github.com/advisories/GHSA-v64w-49xw-qq89

For anyone else wondering how to go about this

Just run this

npm install next-auth@4.21.1 --save-exact=true

Hi everyone!

We are now beginning this migration, for more information please keep an eye on #673. As this issue will be fixed through this migration, I will now close this issue.

Thank you for all the hard work investigating!

For anyone else wondering how to go about this Just run this npm install next-auth@4.21.1 --save-exact=true

It felt a bit weird to have to install next-auth when @sidebase/nuxt-auth includes it, adding the following to my package.json seems to work to pin the version (using npm):

"overrides": {
   "@sidebase/nuxt-auth": {
     "next-auth": "4.21.1"
   }
 },

@RicLzPt I am not sure if this will help you, but I have the same issue and it looks like it is fixed by adding npm install next-auth@4.21.1 --save-exact=true

https://stackblitz.com/edit/nuxt-starter-77eysh?file=package.json

I upgraded to 4.24.3 and this issue continue

I confirm that 4.32.2 doesn’t fix the issue, I rollback to 4.21.1 as mentioned previously.

#Hi @sduduzog and everyone else!

I just tested the newest version of NextAuth (4.23.2) and it seems to have resolved the issue! You should be able to use the newest version again, as they undid their change with the exports! Therefore I will be closing this issue!

Hey just tested this with 4.23.2 and the bug is still there. This shouldn’t be closed yet.

Do we have any possible update on this matter?

Locking version to 4.21.1 makes it work but exposes to a security issue reported on https://github.com/advisories/GHSA-v64w-49xw-qq89

Same issue. 4.22.5 works fine, but there is still a warning: Could not resolve import "next-auth/core"

Hi there, I added these two lines in the next-auth’s package.json’s export and it fixed the development version at least.

"./core": {
      "types": "./core/index.d.ts",
      "default": "./core/index.js"
    },

I know this won’t work in production and even in development it’s only a temporary fix. I’m on next-auth’s 4.24.5 version, should I revert to an older version?

Hi @sduduzog and everyone else!

I just tested the newest version of NextAuth (4.23.2) and it seems to have resolved the issue! You should be able to use the newest version again, as they undid their change with the exports! Therefore I will be closing this issue!

faced the same problem, reverting to next-auth@4.21.1 fixed it.

❌ Tested today and @sidebase/nuxt-auth@0.7.2 + next-auth@4.22.5 don’t work as the doc says.

Thanks for checking this. We also use next-auth@4.21.1 in our apps, so I will adjust the docs to recommend that version ❤️

❌ Tested today and @sidebase/nuxt-auth@0.7.2 + next-auth@4.22.5 don’t work as the doc says.

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR!
npm ERR! While resolving: @sidebase/nuxt-auth@0.7.2
npm ERR! Found: next-auth@4.22.5
npm ERR!   next-auth@"4.22.5" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer next-auth@"~4.21.1" from @sidebase/nuxt-auth@0.7.2
npm ERR! node_modules/@sidebase/nuxt-auth
npm ERR!   @sidebase/nuxt-auth@"^0.7.2" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: next-auth@4.21.1
npm ERR! node_modules/next-auth
npm ERR!   peer next-auth@"~4.21.1" from @sidebase/nuxt-auth@0.7.2
npm ERR!   node_modules/@sidebase/nuxt-auth
npm ERR!     @sidebase/nuxt-auth@"^0.7.2" from the root project
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR!
npm ERR! For a full report see:

✅ Working with @sidebase/nuxt-auth@0.7.2 + next-auth@4.21.1

@yuelongh Same config here. I resolved by setting NEXTAUTH_URL environment variable.

just to say other than this issue also when I used next-auth@4.22.5 and the baseURL set in auth object inside nuxt.config.ts I still get the default url which is http://127.0.0.1:3000/api/auth/signin/credentials for signinUrl and callbackURL rather then the baseURL set by myself.

next-auth@4.21.1 works okay!

same issue exists in next-auth@4.23.1, but it works with next-auth@4.21.1.

next-auth@4.21.1

I had same issue and next-auth@4.21.1 fixed it.