Session is undefined after successful credentials login - No session cookie #12859

abgonzalez93 · 2025-04-09T10:21:25Z

abgonzalez93
Apr 9, 2025

Hey everyone 👋 I'm using NextAuth.js with CredentialsProvider and trying to mock a login flow using /login/[token]. The login endpoint (/api/login) returns the correct user and calls signIn() server-side. The login works, but the session is always undefined.

✅ What works

I call signIn('credentials', ...) inside /api/login
The mock user is returned correctly
Response is 200 OK
I can see cookies: authjs.callback-url and authjs.csrf-token

❌ What's broken

auth() (server) and useSession() (client) return null
Cookie authjs.session-token is not being set
The session is never established

🧪 Console logs

[ TOKEN ]:  { name: undefined, email: undefined, picture: undefined, sub: '1' }
[ USER ]:  {
  id: '1',
  username: 'Antonio Bueno',
  ...
}
[ TRIGGER ]:  signIn
[ SESSION ]:  undefined

🧩 Code summary

// /login/[token]/page.tsx
import { auth, authLogin } from '@services/index'
import { LOGIN_CONFIG } from '@constants/index'
import { redirect } from 'next/navigation'

export default async function LoginPage({ params }: { params: { token: string } }) {
  const session = await auth()
  if (session) return redirect(LOGIN_CONFIG.DEFAULT_REDIRECT)

  try {
    const { token } = await params
    await authLogin(token)
    return redirect(LOGIN_CONFIG.DEFAULT_REDIRECT)
  } catch (error) {
    throw new Error('No se pudo iniciar sesión. El token es inválido o expiró.')
  }
}

// authLogin.ts
export const authLogin = async (token: string): Promise<void> => {
  if (!token?.trim()) throw new Error('❌ Token requerido')

  try {
    const response = await fetch(`${BASE_URL}/api/login`, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
      },
      body: JSON.stringify({ token }),
      credentials: 'include',
    })

    if (!response.ok) {
      const { error } = await response.json()
      throw new Error(error || '❌ Error desconocido durante el login')
    }
  } catch (error) {
    console.error('🌐 authLogin error:', error)
    if (error instanceof Error) throw error
    throw new Error('❌ No se pudo iniciar sesión con el token proporcionado')
  }
}

// api/login/route.ts
import { signIn, authToken, getUserData } from '@services/index'
import { NextResponse } from 'next/server'

export async function POST(request: Request) {
  try {
    const { token } = await request.json()

    if (!token?.trim()) return NextResponse.json({ error: 'Token requerido' }, { status: 400 })

    const { access_token, refresh_token, expires_in } = await authToken(token)
    const user = await getUserData(access_token)

    const response = await signIn('credentials', {
      token: access_token,
      refreshToken: refresh_token,
      expiresIn: expires_in,
      user: JSON.stringify(user),
      redirect: false,
    })

    console.log('[ route.ts RESPONSE ]', response)
    if (response instanceof Response) return response
    return NextResponse.json({ ok: true })
  } catch (error) {
    console.error('❌ Error en /api/login:', error)
    return NextResponse.json({ error: 'Login fallido. Verifica el token o el backend.' }, { status: 500 })
  }
}

// services/auth/authProvider.ts
import { jwtCallback, sessionCallback } from '@services/auth/index'
import CredentialsProvider from 'next-auth/providers/credentials'
import { Credentials, SessionUser } from '@models/index'
import NextAuth, { User } from 'next-auth'

export const { handlers, signIn, signOut, auth } = NextAuth({
  secret: process.env.AUTH_SECRET,
  session: {
    strategy: 'jwt',
  },
  providers: [
    CredentialsProvider({
      name: 'Vialine',
      credentials: {
        token: { label: 'Token', type: 'text' },
        refreshToken: { label: 'Refresh Token', type: 'text' },
        expiresIn: { label: 'Expires In', type: 'text' },
        user: { label: 'User', type: 'text' },
      },
      async authorize(credentials): Promise<User | null> {
        const { token, refreshToken, expiresIn, user } = credentials as Credentials

        if (!token || !refreshToken || !expiresIn || !user) {
          console.error('❌ Credenciales inválidas')
          return null
        }

        const parsedUser: SessionUser = JSON.parse(user)

        return {
          ...parsedUser,
          access_token: token,
          refresh_token: refreshToken,
          expires_in: Number(expiresIn),
          token_type: 'bearer',
        }
      }
    }),
  ],
  debug: process.env.NODE_ENV === 'development',
  callbacks: {
    jwt: jwtCallback,
    session: sessionCallback,
  }
})

// services/auth/authCallbacks.ts
import { mapUserToToken, mapBackendUserToSessionUser } from '@utils/index'
import { refreshToken } from '@services/index'
import { Session, User } from 'next-auth'
import { JWT } from 'next-auth/jwt'

const DEFAULT_EXPIRES_IN = 1800 // 30 minutos

export const jwtCallback = async ({ token, user, trigger, session }: { token: JWT; user?: User, trigger?: 'signIn' | 'signUp' | 'update', session?: Session; }): Promise<JWT> => {
  const now = Math.floor(Date.now() / 1000)

  console.log('[ TOKEN ]: ', token)
  console.log('[ USER ]: ', user)
  console.log('[ TRIGGER ]: ', trigger)
  console.log('[ SESSION ]: ', session)

  if (user) {
    const mapped = mapUserToToken(user)

    return {
      ...token,
      ...mapped,
      expiresAt: now + (user.expires_in ?? DEFAULT_EXPIRES_IN),
    }
  }

  if (token.expiresAt && now < token.expiresAt - 60) return token

  try {
    const refreshed = await refreshToken(token.access_token, token.refresh_token)

    return {
      ...token,
      access_token: refreshed.access_token,
      refresh_token: refreshed.refresh_token,
      expiresAt: now + refreshed.expires_in,
    }
  } catch (error) {
    console.error('❌ Error al refrescar token:', error)

    return {
      ...token,
      error: 'RefreshTokenError',
    }
  }
}

export const sessionCallback = async ({ session, token }: { session: Session; token: JWT }): Promise<Session> => {
  try {
    const mappedUser = mapBackendUserToSessionUser(token.user)

    return {
      ...session,
      user: mappedUser,
      accessToken: token.access_token,
      refreshToken: token.refresh_token,
      expiresAt: token.expiresAt,
      error: token.error,
    }
  } catch (error) {
    console.error('❌ Error construyendo sesión', error)
    return session
  }
}

💡 Context

I initially tried calling signIn() inside a Server Action, but got this error:
❌ Cookies can only be modified in a Server Action or Route Handler
So I moved the logic to a route handler (/api/login). It works, but no session cookie is set — and session remains null.

❓ Questions

Why is authjs.session-token not being set?
Could it be a cookie scope or SameSite issue?
Should I be setting the session cookie manually?
Is there something I’m missing in the use of signIn() from a route handler?

Thanks in advance for any help 🙏

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Session is undefined after successful credentials login - No session cookie #12859

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 0 comments

Select a reply

Uh oh!

Uh oh!

Session is undefined after successful credentials login - No session cookie #12859

Uh oh!

Uh oh!

abgonzalez93 Apr 9, 2025

Replies: 0 comments

abgonzalez93
Apr 9, 2025