In our auth flow, we are using a JWT strategy as part of a microservice architecture. The Next.js server deals with external OAuth providers and exchanges a JWT for an access token from another one of our servers. When a user is authenticated, within the OAuthConfig.profile callback, we make an API call to another server to get or create a user. As such, we return a user id specific to our database. We aren't using a database adapter strategy because we don't wish to make db queries directly from the Next.js server for security reasons.
In next-auth v4, we could return this user object in the OAuthConfig.profile callback and it would be available in the jwt callback. In v5, we can still do this, but it's not respecting our custom id property. It appears to be overridden in the handleOAuth callback, being replaced with a uid from the external OAuth provider. All other fields can successfully be overridden in the OAuthConfig.profile callback. Is this intended behaviour?
How to reproduce
Attempt to override the id property of the user object returned in any OAuthConfig.profile callback.
Expected behavior
The result of the OAuthConfig.profile callback should be used as the user object passed to the jwt callback, as per the jwt callback docstring.
Saran33 added the bug and triage labels on Jun 16, 2024.
I see you have provided a link to my repo but I don't understand your issue. For me the user.id in the session is the same as that returned by the database.
Apologies, I copied the template from the latest issue, which must have been yours, and didn't update the URL. I think the issue hopefully is relatively apparent anyway so shouldn't need a Reproduction URL. Our repo is private in any case.
You mention a database, which in that case sounds like it should be working. This issue we're experiencing is when using the JWT strategy, though.
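A workaround sketch for the behaviour reported in this issue, added here as an example and not taken from the issue or from next-auth's code: since the report says every field except id survives the OAuthConfig.profile callback, the backend id is carried under a separate key and the jwt callback fails closed when it is missing. The field name backendUserId, the helper getOrCreateBackendUser, the sample data and the simulateReportedSignIn stand-in are all assumptions made for illustration.

```javascript
// Constructed stand-in for the internal user service (hypothetical name and data).
// In a real app this is an awaited HTTP call made from the profile callback.
const BACKEND_USERS = { "github:1001": "usr_7f3a" };
function getOrCreateBackendUser(provider, providerAccountId) {
  return { id: BACKEND_USERS[`${provider}:${providerAccountId}`] };
}

// OAuthConfig.profile: return the backend id under a dedicated key as well as
// `id`, so it survives if `id` is replaced later in the sign-in flow.
function profile(oauthProfile) {
  const backendUser = getOrCreateBackendUser("github", String(oauthProfile.id));
  return {
    id: backendUser.id,
    backendUserId: backendUser.id, // hypothetical field name
    name: oauthProfile.name,
    email: oauthProfile.email,
  };
}

// Stand-in for the behaviour reported in the issue: every field from profile()
// is kept except `id`. This models the report; it is not the library's code.
function simulateReportedSignIn(oauthProfile) {
  return { ...profile(oauthProfile), id: `provider-${oauthProfile.id}` };
}

// jwt callback: `user` is only present on sign-in. Bind the token to the
// backend id and fail closed rather than fall back to another identifier.
function jwt({ token, user }) {
  if (!user) return token; // later calls: the token already carries the id
  if (typeof user.backendUserId !== "string" || user.backendUserId === "") {
    throw new Error("sign-in rejected: no backend user id on profile result");
  }
  return { ...token, backendUserId: user.backendUserId };
}

// Runs the constructed sign-in path end to end and returns the resulting token.
function signIn(oauthProfile) {
  return jwt({ token: {}, user: simulateReportedSignIn(oauthProfile) });
}
```

Downstream authorization then reads token.backendUserId only, so a replaced id can never be mistaken for the internal user id.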
Environment
Reproduction URL
https://github.com/Ali-Raza764/next-auth-tookit