NextAuth Session Not Populated with User Data after Successful Login (Credentials Provider) #9317

Felixdiamond · 2023-12-05T11:16:19Z

Felixdiamond
Dec 5, 2023

I'm using NextAuth with a CredentialsProvider and JWT session in my app. When a user logs in, the authorize callback correctly returns a user object:

authorize: async (credentials) => {

// find and validate user

return {
id: user._id,
email: user.email
}
}

However, the session callback and getSession() do not have the user data available:

session: (session, token) => {
console.log(session) // { user: {} }
return session
}

Here's the full code along with its logs:

import NextAuth from "next-auth";
import CredentialsProvider from "next-auth/providers/credentials";
import { mongooseConnect } from "@/lib/mongoose";
import { Person } from "@/models/Person";
import bcrypt from "bcrypt";
import { encode, decode } from 'next-auth/jwt';
import { MongoDBAdapter } from "@next-auth/mongodb-adapter";
import mongoose from "mongoose";

async function clientPromise() {
  await mongooseConnect();
  return mongoose.connection.getClient();
}

export default NextAuth({
  adapter: MongoDBAdapter(clientPromise()),
  providers: [
    CredentialsProvider({
      name: "Email and Password",
      credentials: {
        email: { label: "email", type: "text" },
        password: { label: "password", type: "password" },
      },
      jwt: { encode, decode },
      authorize: async (credentials) => {
        await mongooseConnect();

        const user = await Person.findOne({ email: credentials.email });

        if (
          user &&
          (await bcrypt.compare(credentials.password, user.password))
        ) {
          console.log(
            `yo, the return statement is def running ${user._id.toString()}`
          );
          // Convert the user object to a JSON string before returning it
          const userr = {
            email: user.email,
            name: user.name,
            image: user.image,
            address: user.address,
            phoneNumber: user.phoneNumber,
            favorites: user.favorites,
            purchaseHistory: user.purchaseHistory,
          };
          console.log("User object in authorize:", userr);
          return userr;
        } else {
          throw new Error("Invalid email or password");
        }
      },
    }),
  ],
  secret: process.env.NEXTAUTH_SECRET,
  session: {
    strategy: "jwt",
    jwt: true,
    maxAge: 30 * 24 * 60 * 60, // 30 days
  },
  callbacks: {
    async jwt(token, user) {
      // Parse the user object from a JSON string before modifying it
      if (user) user = user;
      if (user) token.id = user.email;
      console.log("Token and user objects in jwtt:", token, user);
      return token;
    },

    async session(session, token) {
      // Log the session and token objects before modifying them
      console.log("Session and token objects in session:", session, token);
      if (!token) {
        return session;
      }

      if (session && session.user) {
        session.user.email = token.email;
      }
      // Log the session object after modifying it
      console.log("Session object in session:", session);
      return session;
    },
  },
});

Logs:

User object in authorize: {
  email: '[email protected]',
  name: 'oah as',
  image: undefined,
  address: 'hmmm',
  phoneNumber: '028282',
  favorites: [],
  purchaseHistory: []
}
Token and user objects in jwtt: {
  token: {
    name: 'oah as',
    email: '[email protected]',
    picture: undefined,
    sub: undefined
  },
  user: {
    email: '[email protected]',
    name: 'oah as',
    image: undefined,
    address: 'hmmm',
    phoneNumber: '028282',
    favorites: [],
    purchaseHistory: []
  },
  account: {
    providerAccountId: undefined,
    type: 'credentials',
    provider: 'credentials'
  },
  isNewUser: false,
  trigger: 'signIn'
} undefined
undefined
Token and user objects in jwtt: {
  token: {
    token: { name: 'oah as', email: '[email protected]' },
    user: {
      email: '[email protected]',
      name: 'oah as',
      address: 'hmmm',
      phoneNumber: '028282',
      favorites: [],
      purchaseHistory: []
    },
    account: { type: 'credentials', provider: 'credentials' },
    isNewUser: false,
    trigger: 'signIn',
    iat: 1701772578,
    exp: 1704364578,
    jti: 'fafb5b4d-4488-4140-9dae-364946425fe3'
  },
  session: undefined
} undefined
Session and token objects in session: {
  session: {
    user: { name: undefined, email: undefined, image: undefined },
    expires: '2024-01-04T10:36:21.371Z'
  },
  token: {
    token: {
      token: [Object],
      user: [Object],
      account: [Object],
      isNewUser: false,
      trigger: 'signIn',
      iat: 1701772578,
      exp: 1704364578,
      jti: 'fafb5b4d-4488-4140-9dae-364946425fe3'
    },
    session: undefined
  }
} undefined

I have tried:

Serializing the user object to JSON before returning in authorize callback
Adding delays before returning session
Implementing custom JWT encoding/decoding
Using an adapter for session handling
Manually assigning user properties in session callback

But none have resolved the issue.

The user data seems to be dropped between the authorize and session callbacks.

Any ideas what could be going wrong here or how I can further debug why the user object is not populating the session?

Things I have verified:

Logging shows user data in authorize callback
JWT and session callbacks are running

Any help or insights appreciated!

LingEnd · 2023-12-26T18:20:53Z

LingEnd
Dec 26, 2023

same problem,please let me know if anyone solves it

0 replies

itashki · 2024-01-03T20:29:05Z

itashki
Jan 3, 2024

I authorize like this:

export const { auth, signIn, signOut } = NextAuth({
  ...authConfig,
  providers: [
    credentials({
      async authorize(credentials) {
        const parsedCredentials = z
          .object({ login: z.string(), password: z.string() })
          .safeParse(credentials);

        if (!parsedCredentials.success) return null;
        const { login, password } = parsedCredentials.data;

        const user = await fetchUserByLogin(login);

        if (!user) return null;

        if (!(await compare(password, user.passwordHash))) return null;

        return {
          id: user._id.toString(),
          name: user.login,
          email: user.email,
          image: user.avatarUrl,
        };
      },
    }),
  ],
});

And I have similar issue, since I use v5, I use auth() to get server session and it has user field with only email and name. I use name as index in my mongodb, so it is not much of a problem, but I wonder if I am doing something wrong, or is this a bug.

1 reply

itashki Jan 3, 2024

Image actually works fine, I just had it undefined. So the problem is only with id.

MhL5 · 2024-06-27T07:29:23Z

MhL5
Jun 27, 2024

for me it only works if i set the strategy to "jwt" otherwise user is undefined after successful login
version : "next-auth": "^5.0.0-beta.19"

 session: {
    strategy: "jwt",
  }

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

NextAuth Session Not Populated with User Data after Successful Login (Credentials Provider) #9317

{{title}}

Replies: 3 comments 1 reply

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

NextAuth Session Not Populated with User Data after Successful Login (Credentials Provider) #9317

Felixdiamond Dec 5, 2023

Replies: 3 comments · 1 reply

LingEnd Dec 26, 2023

itashki Jan 3, 2024

itashki Jan 3, 2024

MhL5 Jun 27, 2024

Felixdiamond
Dec 5, 2023

Replies: 3 comments 1 reply

LingEnd
Dec 26, 2023

itashki
Jan 3, 2024

MhL5
Jun 27, 2024