SignIn callback error when using NextAuth with oauth_get_access_token_error and oauth_callback_error #3038
Replies: 29 comments 14 replies
-
I tried it with the same result in next-auth-example |
Beta Was this translation helpful? Give feedback.
-
Unfortunately, I am not familiar with moneybutton, but if you add At a first glance, your configuration looks good. Did you remember to add |
Beta Was this translation helpful? Give feedback.
-
Process finishes on
and later
and from here
this is server log with
and here are request and response headers from signIn and error
|
Beta Was this translation helpful? Give feedback.
-
maybe its about clientId and clientSecret encoding? |
Beta Was this translation helpful? Give feedback.
-
I just recently upgraded my stack to 3.17.2 and ever since i'm seeing similar behavior. I wasn't getting this before. |
Beta Was this translation helpful? Give feedback.
-
What OAuth provider are you using? |
Beta Was this translation helpful? Give feedback.
-
Could you see if this hacky way of doing this solves your problem? #950 (comment) if yes, we at least know a way that should work. |
Beta Was this translation helpful? Give feedback.
-
Unfortunately it doesn't, i'm still getting this errors:
My implementation is the same as before but i've added this lines to node_modules/next-auth/dist/server/lib/oauth/client.js
|
Beta Was this translation helpful? Give feedback.
-
@michalscislowski is this still an issue? How do you think we should proceed to be work this out? I would like to be 100% sure if the error comes from your configuration or from our side. |
Beta Was this translation helpful? Give feedback.
-
I am getting a similar issue with Zotero:
Here is my custom provider config:
|
Beta Was this translation helpful? Give feedback.
-
I'm also having a similiar issue when trying to make login with Github built-in provider, the login succeeds on Github side, but on debug log the following is shown and it is redirected to
I'm using version |
Beta Was this translation helpful? Give feedback.
-
@luisbaldissera it seems to be a different issue. as the message says, you probably have wrong credentials. I would check the client secret as well as the credentials provided under login See https://next-auth-example.vercel.app/ for a deployed github example |
Beta Was this translation helpful? Give feedback.
-
@buccalon @michalscislowski we've just released a first beta of our next major version, NextAuth v4. Could you let us know if the issue still persists there? We're using a more modern oauth library under the hood that supports stuff like the |
Beta Was this translation helpful? Give feedback.
-
I got the same issue too with V3. And when I tried in v4, I got the error below.
|
Beta Was this translation helpful? Give feedback.
-
@EpicHigh hard to tell anything of your use-case without a reproduction/code example library versions, etc. I would open a different issue following our issue forms. |
Beta Was this translation helpful? Give feedback.
-
@balazsorban44 Thank you for your response. I used the next-auth version Here's is my import NextAuth from "next-auth"
import {providers} from "next-auth/client";
const oauth2 = 'http://xxxx.ngrok.io'
// For more information on each option (and a full list of options) go to
// https://next-auth.js.org/configuration/options
export default NextAuth({
// https://next-auth.js.org/configuration/providers
providers: [
{
id: "my-oauth",
name: "my-oauth",
type: "oauth",
version: "2.0",
accessTokenUrl: `${oauth2}/oauth2/token`,
clientId: "my_id",
clientSecret: "my_secret",
authorizationUrl: `${oauth2}/oauth2/authorize?client_id=my_id&code_challenge=XXXX&code_challenge_method=S256&response_type=code`,
scope: '',
params: { grant_type: 'authorization_code', },
profileUrl: '',
protection: 'pkce',
profile(profile, tokens) {
console.log(profile, tokens)
return {
id: '1234',
name: 'foo',
email: 'bar',
image: ''
}
}
}
],
// Database optional. MySQL, Maria DB, Postgres and MongoDB are supported.
// https://next-auth.js.org/configuration/databases
//
// Notes:
// * You must install an appropriate node_module for your database
// * The Email provider requires a database (OAuth providers do not)
// database: process.env.DATABASE_URL,
// The secret should be set to a reasonably long random string.
// It is used to sign cookies and to sign and encrypt JSON Web Tokens, unless
// a separate secret is defined explicitly for encrypting the JWT.
// secret: process.env.SECRET,
// session: {
// Use JSON Web Tokens for session instead of database sessions.
// This option can be used with or without a database for users/accounts.
// Note: `jwt` is automatically set to `true` if no database is specified.
// jwt: true,
// Seconds - How long until an idle session expires and is no longer valid.
// maxAge: 30 * 24 * 60 * 60, // 30 days
// Seconds - Throttle how frequently to write to database to extend a session.
// Use it to limit write operations. Set to 0 to always update the database.
// Note: This option is ignored if using JSON Web Tokens
// updateAge: 24 * 60 * 60, // 24 hours
// },
// JSON Web tokens are only used for sessions if the `jwt: true` session
// option is set - or by default if no database is specified.
// https://next-auth.js.org/configuration/options#jwt
// jwt: {
// A secret to use for key generation (you should set this explicitly)
// secret: 'INp8IvdIyeMcoGAgFGoA61DdBglwwSqnXJZkgz8PSnw',
// Set to true to use encryption (default: false)
// encryption: true,
// You can define your own encode/decode functions for signing and encryption
// if you want to override the default behaviour.
// encode: async ({ secret, token, maxAge }) => {},
// decode: async ({ secret, token, maxAge }) => {},
// },
// You can define custom pages to override the built-in ones. These will be regular Next.js pages
// so ensure that they are placed outside of the '/api' folder, e.g. signIn: '/auth/mycustom-signin'
// The routes shown here are the default URLs that will be used when a custom
// pages is not specified for that route.
// https://next-auth.js.org/configuration/pages
// pages: {
// signIn: '/auth/signin', // Displays signin buttons
// signOut: '/auth/signout', // Displays form with sign out button
// error: '/auth/error', // Error code passed in query string as ?error=
// verifyRequest: '/auth/verify-request', // Used for check email page
// newUser: null // If set, new users will be directed here on first sign in
// },
// Callbacks are asynchronous functions you can use to control what happens
// when an action is performed.
// https://next-auth.js.org/configuration/callbacks
callbacks: {
async signIn(user, account, profile) {
console.log('signIn')
return true
},
// async redirect(url, baseUrl) { return baseUrl },
session(session, user) {
console.log(session, 'session', user, 'user')
return session
},
// async jwt(token, user, account, profile, isNewUser) { return token }
},
// Events are useful for logging
// https://next-auth.js.org/configuration/events
// events: {},
// Enable debug messages in the console if you are having problems
debug: true,
}) I followed the example that I found in this https://github.com/nextauthjs/next-auth-example, and I twisted a bit. |
Beta Was this translation helpful? Give feedback.
-
the problem might be the code challenge in the authorization url. it's not something you should set manually. a profile url is also necessary, I think. |
Beta Was this translation helpful? Give feedback.
-
i got a same error, how can i solve the problem [next-auth][error][oauth_get_access_token_error]
https://next-auth.js.org/errors#oauth_get_access_token_error Error: connect ETIMEDOUT 142.251.43.13:443
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1146:16) {
errno: -4039,
code: 'ETIMEDOUT',
syscall: 'connect',
address: '142.251.43.13',
port: 443
} undefined undefined
[next-auth][error][oauth_get_access_token_error]
https://next-auth.js.org/errors#oauth_get_access_token_error Error: connect ETIMEDOUT 142.251.43.13:443
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1146:16) {
errno: -4039,
code: 'ETIMEDOUT',
syscall: 'connect',
address: '142.251.43.13',
port: 443
} google 4/0AX4XfWjt2kBq3XoOFcGB90rsuNWpiEySmQncXoATfVpFiKtpkbXH7d3008xk_9qcE0JELg
[next-auth][error][oauth_callback_error]
https://next-auth.js.org/errors#oauth_callback_error Error: connect ETIMEDOUT 142.251.43.13:443
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1146:16) {
errno: -4039,
code: 'ETIMEDOUT',
syscall: 'connect',
address: '142.251.43.13',
port: 443
} providers: [
Providers.Google({
clientId: process.env.GOOGLE_ID,
clientSecret: process.env.GOOGLE_SECRET,
}),
], |
Beta Was this translation helpful? Give feedback.
-
Please provide a reproduction if you want help. I cannot verify that this is related to the OP's issue, so I would recommend opening a new discussion/question. |
Beta Was this translation helpful? Give feedback.
-
Double check file name |
Beta Was this translation helpful? Give feedback.
-
Same Problem , But Not solved still now |
Beta Was this translation helpful? Give feedback.
-
Interestingly, this error can occur if your GitHub |
Beta Was this translation helpful? Give feedback.
-
What worked for me was to completely delete the current GCP credentials you have now. Create a new one which will provide you a new client_id and client_secret. Plug those into your env variables. Fixed callback error issue. |
Beta Was this translation helpful? Give feedback.
-
I am facing a similar issue. I have a website deployed on Vercel and from there, I need to authenticate on a server using oauth and the method "authorization code grant". If the client secret contains special characters (e.g. MaDUD&#pO9k$) the authentication fails and I get an error message that says 'invalid_client'. When I remove the special characters from the secret (MaDUDpO9k), it works fine and I am able to authenticate. The problem is that we really want to use special characters in the client secret. Is it a Vercel issue? |
Beta Was this translation helpful? Give feedback.
-
same here... https://forum.strapi.io/t/user-authentication-with-next-js-and-strapi/6289/33 |
Beta Was this translation helpful? Give feedback.
-
I have the same trouble here, I did not solve it, but I thought it may be caused by connection of your database, my problem occurs with google connection button and I use aws server, when google use google cloud and those servers apparently uses different type of data cover up and when connected it have some issues. At the same time github connection button works successfully without any errors. |
Beta Was this translation helpful? Give feedback.
-
WHY IS NEXT-AUTH SO FULL OF BUGS! GOOD LORDY, IF ITS BETTER TO CHARGE MONEY THEN LETS DO IT!! THE HEADACHE IS NOT WORTH THE FREE PRICE TAG. Not even gonna discuss my issues here cos then they'd just move the convo to a new thread. SMH. Clerk is gonna take your lunch money |
Beta Was this translation helpful? Give feedback.
-
If you're struggling with My suggestion to pinpoint the problem is doing exactly what I did to solve it: disable all the code inside both callbacks and deploy the app. You might need to return hardcoded values from the callbacks so the rest of your app continues working. Then reintroduce your code incrementally until it stops working again. Remember to logout between attempts. Done, you've found the problem. |
Beta Was this translation helpful? Give feedback.
-
I am also getting same issue like michalscislowski but in my case its working on locally but when i trying on live (deployed) then it is giving me Referrer Policy: equest URL: Referrer Policy: Referrer Policy: |
Beta Was this translation helpful? Give feedback.
-
I am trying to add custom oauth provider to my next.js app. I am adding custom provider in [...nextauth].js:
OAuth flow seems to work correct, as i am seeing my profile id coming back in responses but it finishes on http://localhost:3000/api/auth/signin?error=Callback
I set debug to true and i am getting following errors:
It says that client is invalid, but i am sure oauth identifier and secret are correct, as well as redirect URL set to
response for profile looks like this if it would be helpful:
Links to documentations:
https://next-auth.js.org/configuration/providers
https://docs.moneybutton.com/docs/api/v1/api-v1-user-identity
I don't know if it's some bug or my approach is wrong and will apreciate any help
Beta Was this translation helpful? Give feedback.
All reactions