Session cookie not set when deployed in production on Amplify Hosting

[davideicardi]

I have tried to deploy a simple Next-Auth.js app (v4.17, Next.js 13.0.4) to Amplify Hosting.

I need to integrate with AWS Cognito for authentication. In localhost everything works fine. But when deployed to Amplify it seems that the session cookie is not set, and so the user is never authenticated.
I receive a redirect from cognito to my app with an authorization code, but the callback doesn't generate the correct set-cookie instruction. It looks like the callbacks.session is never called. I don't see any error in the browser console or in Cloudwatch.

My [...nextauth].ts code:

import NextAuth, { NextAuthOptions } from 'next-auth'
import CognitoProvider from 'next-auth/providers/cognito';

declare module 'next-auth' {
  export interface Session {
    accessToken: string | undefined
  }
}
declare module 'next-auth/jwt' {
  export interface JWT {
    accessToken: string | undefined
  }
}
if (!process.env.COGNITO_CLIENT_ID) {
  throw new Error('COGNITO_CLIENT_ID is not defined');
}
if (!process.env.COGNITO_CLIENT_SECRET) {
  throw new Error('COGNITO_CLIENT_SECRET is not defined');
}
if (!process.env.COGNITO_ISSUER) {
  throw new Error('COGNITO_ISSUER is not defined');
}
export const authOptions: NextAuthOptions = {
  providers: [
    CognitoProvider({
      clientId: process.env.COGNITO_CLIENT_ID,
      clientSecret: process.env.COGNITO_CLIENT_SECRET,
      issuer: process.env.COGNITO_ISSUER,
      authorization: { params: { scope: 'aws.cognito.signin.user.admin email openid phone profile' } },
    }),
  ],
  callbacks: {
    async jwt({ token, account }) {
      if (account) {
        token.accessToken = account.access_token
      }
      return token;
    },
    async session({ session, token }) {
      // THIS FUNCTION IS NEVER CALLED WHEN DEPLOYED TO AMPLIFY
      session.accessToken = token.accessToken
      return session
    }
  },
  session: {
    strategy: 'jwt',
  },
}

export default NextAuth(authOptions)

I have configured NEXTAUTH_URL and all environment variables in Amplify.

Any idea? I don't know how to debug ...

[aanifowose111]

Any solution to this? I noticed similar issue. I am using Next auth v5 deployed to amplify but the deployment was successful, static page works ok but the side that are dependent on session does not work

[aanifowose111]

I fix this few minutes after making the comment above: It was fixed by setting AUTH_TRUST_HOST to true in .env on amplify.