Help storing and accessing tokens

[jackHedaya]

Hi

I'm having serious difficulty storing and accessing tokens using a custom provider.

Here is my custom provider:

export default function (req: NextApiRequest, res: NextApiResponse) {
  NextAuth(req, res, {
    providers: [
      {
        id: '[redacted]',
        name: '[redacted]',
        type: 'oauth',
        version: '2.0',
        state: false,
        accessTokenUrl: '[redacted]',
        authorizationUrl: `[redacted]`,
        clientId: process.env.CONSUMER_KEY,
        params: {
          grant_type: 'authorization_code',
        },
        profileUrl: '[redacted]',
        profile: (p) => {
          return {
            id: p.userId,
            accounts: p.accounts,
          }
        },
      },
    ],
    pages: {
      signIn: '/login',
    },
    callbacks: {
      signIn: async (user, account, profile) => {
        console.log(user, account, profile)
        return Promise.resolve({
          ...user,
          // name: account.userId,
          // accessToken: account.accessToken,
          ...account,
          ...profile
        })
      },
      async session(session, user) {
        // console.log(session, user)
        return session
      },
      jwt: async (token, user, account, profile, isNewUser) => {
        // console.log('jwt')
        console.log(token, user, account, profile, isNewUser)
        return Promise.resolve(token)
      },
    },
    jwt: {
      secret: process.env.JWT_SIGNING_PRIVATE_KEY,
    },
  })
}

The API returns the following format and I'm not sure Next Auth is picking it up:

{
  "access_token": string,
  "refresh_token": string,
  "token_type": string,
  "expires_in": number,
  "scope": string,
  "refresh_token_expires_in": number
}

• Calling getSession gives me { email: null, sub: 'jackehedaya', iat: 1610257797, exp: 1612849797 }.

• Printing the signIn callback, gives me this value for account without expiration or refresh_token stored. However, I'm unable to get the accessToken signed.

  provider: '[redacted]',
  type: 'oauth',
  id: 'jackehedaya',
  refreshToken: undefined,
  accessToken: '<access_token>',
  accessTokenExpires: null
}

Really struggling here, please let me know what I might be doing wrong.

[balazsorban44]

The intended place to modify the jwt token is the jwt callback, not the signIn callback. Furthermore, to send the modified jwt to the client in session, you should forward it in the session callback:

export default function (req: NextApiRequest, res: NextApiResponse) {
  NextAuth(req, res, {
    providers: [
      {
        id: '[redacted]',
        name: '[redacted]',
        type: 'oauth',
        version: '2.0',
        state: false,
        accessTokenUrl: '[redacted]',
        authorizationUrl: `[redacted]`,
        clientId: process.env.CONSUMER_KEY,
        params: {
          grant_type: 'authorization_code',
        },
        profileUrl: '[redacted]',
        profile: (p) => {
          return {
            id: p.userId,
            accounts: p.accounts,
          }
        },
      },
    ],
    pages: {
      signIn: '/login',
    },
    callbacks: {
      async jwt(token, user, account, profile) {
        if(account) { // First time jwt callback is called, we have the extra user info
          return {
            ...user,
            // name: account.userId,
            // accessToken: account.accessToken,
            ...account,
            ...profile
          })
        }
        return token // Every subsequent request should just return the previous token
      },
      async session(_, token) {
        return token // Pass the jwt to the session
      },
    },
    jwt: {
      secret: process.env.JWT_SIGNING_PRIVATE_KEY,
    },
  })
}

Please read the jwt and session callback documentation:
https://next-auth.js.org/configuration/callbacks#jwt-callback
https://next-auth.js.org/configuration/callbacks#session-callback

[jackHedaya]

Just tried, result was a new error:

API resolved without sending a response for /api/auth/session, this may result in stalled requests.
API resolved without sending a response for /api/auth/providers, this may result in stalled requests.
API resolved without sending a response for /api/auth/csrf, this may result in stalled requests.
API resolved without sending a response for /api/auth/signin/[redacted], this may result in stalled requests.
API resolved without sending a response for /api/auth/callback/[redacted]?code=myFqV4i1moO7F4jMupKN76bOaqr5lkJ3DlScsunAJG0SvKh1CZh2Sf%2F0qCZManBx2yvkl3eJFTirWoBpsAH5sY%2B9uxKOUC466CohrolJVHNc%2BpvTtcF31jBs9ZDG6UIYI6Ik%2F122MSPxve4sdOALRcFP4wKXScihaUP7%2FPnzc%2BspYJ4yAituy9O9N5pHPDNbiYtDMZWxUZs8Ah7RTaoRGxlLPbBi9b2lVFV%2FkVLywGdg62MJ%2F7n316Z0BSY8fT%2FyaBzfMKbq4LsvMp0bBLQaOdqEJQReHzbgPonwF31dvNWVEklmGRBpP7LQqvgO%2FfQrpy0%2FhlY5Q9P8dIlVdDqmzdEbkWWMXuSsNwpg0iRXNWXKs6t3f7swDKcrhXZJjszgaUAQGxqaYZ%2Fbj8SfRSrz4eOB45emwef0u79sWvBC7d%2FsT%2BKP7Z6dtsWwfw6100MQuG4LYrgoVi%2FJHHvlc8L3eySUKwMvniEjSTxqxqhn6mU1t1BTWNSo28rL%2FMKNo%2FPon3vfq9ETve3Vqr5%2Fbq6YuA333woBuFYMxRTykX9jSIZAbejPXsHz5Dk32hIoGLeTHLFmkejrYAgiwHrLMV5JB9azB59Yv7nrtmXV7FBlEjIoywwpGAQSx8Jk45b5kYTY51iIUsxzslQC3C%2FnLpJjVfCK3svHUvhcyzMESESgjS9TCo6pKWuSj76g343KPIYj8mqYefIbQfhqN0kvL%2F8RB8gl1ovBdG%2FyMZtOU8g3JN2wH7k62m4ed4rIBEiBrTzADulE0TbPLsk%2B%2Fw6PA5YxcIU3OrNRi3ezKx0RkVGbl2AGoIlT%2FOxGtnwramngOMb84eB74Zb1NcMuccO8yEd%2Bk93bzGi0cJUXGbX%2BSHSE5LCRAUZiPy3zC2NS6Vz2s0BTGqphRddNnxA%3D212FD3x19z9sWBHDJACbC00B75E&state=c7058ad79fbc90a504eed726d66ccc04389ff92aa26fb8581ffdf9587731b036, this may result in stalled requests.
[next-auth][error][oauth_callback_handler_error] [{}] 
https://next-auth.js.org/errors#oauth_callback_handler_error
API resolved without sending a response for /api/auth/error?error=Callback, this may result in stalled requests.
API resolved without sending a response for /api/auth/signin?error=Callback, this may result in stalled requests.
API resolved without sending a response for /api/auth/session, this may result in stalled requests.

Thank you so much for all your help!

[balazsorban44]

Which provider do you use?

[balazsorban44]

So I tried to reproduce it, but it works fine for me with the GitHub provider on canary.20.

Try setting the following in your package.json:

"dependencies": {
  "next-auth": "3.2.0-canary.20"
}

So there is no ^ in front of the version number. Then run yarn or npm i, and check if node_modules/next_auth/package.json's version is actually 3.2.0-canary.20, and please report back if you still get API stall request issues.

[jackHedaya]

Unfortunately, this didn't solve my issue. I tried on both 3.2.0-canary.20 and 3.2.0-canary.21

[jackHedaya]

I'm also noticing that refreshToken is not being set while printing in the if (account) block.

[jackHedaya]

A custom provider as seen above -- Best Jack

[balazsorban44]

Hmm, OK. I'll try to reproduce it later on but I just tested canary.20 before release with the github provider and it looked fine. I may have to double check it, cause it suspiciously looks like a bug in next-auth

[jackHedaya]

Sounds good, thanks again for all your help

…

-- Best Jack

[Throttle]

@jackHedaya have you tried to add
session: { jwt: true } to the option array? (based on documentation https://next-auth.js.org/configuration/options#session)

I've tested it using "next-auth": "^3.1.0".
Everything works fine.

[balazsorban44]

The docs also says:

Note: jwt is automatically set to true if no database is specified.

So this should be unnecessary to set. I'm not even sure if this property has any value at all, actually. If database is defined, it will use that. if not, jwt will be used by default.

@iaincollins ?

[Throttle]

But it is unclear from provided code example, is database configured or not.
If I do not specify jwt=true (database is configured), I have the same problem as described by @jackHedaya

[jackHedaya]

I did not set jwt set to true. I also don't think it's a factor because the jwt callback is still being ran