Authorization result overriding custom User.id returned in OAuthConfig.profile callback in v5 #11174

Open
Saran33 opened this issue Jun 16, 2024 · 2 comments
Labels
bug Something isn't working triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.

Saran33 commented Jun 16, 2024

Environment

 System:
  System:
    OS: macOS 14.5
    CPU: (12) arm64 Apple M2 Max
    Memory: 12.53 GB / 64.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 21.7.0 - ~/.nvm/versions/node/v21.7.0/bin/node
    npm: 10.5.0 - ~/.nvm/versions/node/v21.7.0/bin/npm
    pnpm: 9.0.6 - ~/.nvm/versions/node/v21.7.0/bin/pnpm
  Browsers:
    Chrome: 126.0.6478.61
    Safari: 17.5
  npmPackages:
    @auth/core: ^0.32.0 => 0.32.0 
    next: 14.2.4 => 14.2.4 
    next-auth: 5.0.0-beta.19 => 5.0.0-beta.19 
    react: 18.2.0 => 18.2.0 

Reproduction URL

https://github.com/Ali-Raza764/next-auth-tookit

Describe the issue

In our auth flow, we are using a JWT strategy as part of a microservice architecture. The Next.js server deals with external OAuth providers and exchanges a JWT for an access token from another one of our servers. When a user is authenticated, within the OAuthConfig.profile callback, we make an API call to another server to get or create a user. As such, we return a user id specific to our database. We aren't using a database adapter strategy because we don't wish to make db queries directly from the Next.js server for security reasons.

In next-auth v4, we could return this user object in the OAuthConfig.profile callback and it would be available in the jwt callback. In v5, we can still do this, but it's not respecting our custom id property. It appears to be overridden in the handleOAuth callback, being replaced with a uid from the external OAuth provider. All other fields can successfully be overridden in the OAuthConfig.profile callback. Is this intended behaviour?

How to reproduce

Attempt to override the id property of the user object returned in any OAuthConfig.profile callback.

Expected behavior

The result of the OAuthConfig.profile callback should be used as the user object passed to the jwt callback, as per the jwt callback docstring.

@Ali-Raza764

I see you have provided a link to my repo, but I don't understand your issue. For me the user.id in the session is the same as that returned by the database.

Saran33 commented Jun 17, 2024

> I see you have provided a link to my repo, but I don't understand your issue. For me the user.id in the session is the same as that returned by the database.

Apologies, I copied the template from the latest issue, which must have been yours, and didn't update the URL. I think the issue is hopefully relatively apparent anyway, so it shouldn't need a Reproduction URL. Our repo is private in any case.

You mention a database, which in that case sounds like it should be working. This issue we're experiencing is when using the JWT strategy, though.
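
One way to keep the database id available in the jwt callback, given the behaviour reported in this thread (an added example, not code from the thread or from Auth.js): the profile callback returns the id under a second key, and the jwt callback binds the token to that key and rejects the sign-in if it is missing. `backendUserId`, `fetchOrCreateUser` and `simulateSignIn` are hypothetical names, all sample values are constructed, and `simulateSignIn` only models the reported override so the block runs offline.

```javascript
// Added example, not Auth.js source. `backendUserId`, `fetchOrCreateUser` and
// `simulateSignIn` are hypothetical names; sample values are constructed.

// Stand-in for the API call to the user service described in the issue.
async function fetchOrCreateUser(oauthProfile) {
  return { id: "db-user-42", email: oauthProfile.email };
}

// Provider `profile` callback: return the database id under its own key as
// well as `id`, so it survives if `id` is replaced later in the flow.
async function profile(oauthProfile) {
  const dbUser = await fetchOrCreateUser(oauthProfile);
  return { id: dbUser.id, backendUserId: dbUser.id, email: dbUser.email };
}

// `jwt` callback: `user` is only present on sign-in. Bind the token to the
// database id and fail closed rather than fall back to whatever `user.id` is,
// so downstream services never receive a token keyed to the wrong identity.
async function jwt({ token, user }) {
  if (!user) return token; // later calls: token is already bound
  if (typeof user.backendUserId !== "string" || user.backendUserId === "") {
    throw new Error("sign-in rejected: no backend user id on profile result");
  }
  return { ...token, sub: user.backendUserId };
}

// Model of the behaviour reported in this issue (an assumption, used only to
// run offline): `id` from `profile` is replaced, every other field is kept.
async function simulateSignIn(oauthProfile, profileCb = profile) {
  const user = { ...(await profileCb(oauthProfile)), id: "replaced-by-library" };
  return { user, token: await jwt({ token: {}, user }) };
}
```

In a real configuration the two callbacks would sit in the provider's `profile` option and in `callbacks.jwt`; the access-token exchange with the other server should then read `token.sub` rather than `user.id`.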
