JWT is empty upon sign-in process

[Kay2dan]

Question 💬

I am trying to connect Next-Auth to a custom implementation of OAuth 2.0. The app successfully takes to the sign-in page, upon sign-in, takes back to the home page, however, I get session = null.

I noticed that through the sign-in process, it hits an endpoint:

GET http://localhost:3000/api/auth/session

The request-cookies tab contains the csrf-token and jsessionid. However, it returns with json empty object {} & status code of `304 : not modified'.

My config:

export default NextAuth({
  providers: [{
      id: "quot-test",
      name: "quot-test",
      type: "oauth",
      version: "2.0",
      scope: "openid email",
      state: true,
      protection: "state",
      params: { grant_type: "authorization_code" },
      idToken: true,
      authorizationParams: {
        response_type: "code",
      },
      authorizationUrl:
        "http://localhost:9000/oauth2/authorize?response_type=code",
      accessTokenUrl: "http://localhost:9000/oauth2/token",
      requestTokenUrl: "http://localhost:9000/oauth2/jwks",
      clientId: process.env.QUOT_ID,
      clientSecret: process.env.QUOT_SECRET,

      profile: (profile, tokens) => {
        console.log("in profile");
        return {
          id: tokens.idToken,
          token: tokens.idToken,
        };
      },
  },],
  // secret: process.env.SECRET,
  debug: true,
  session: {
    jwt: true,
    maxAge: 60 * 5,
  },
  jwt: {
    encryption: false,
    // secret: process.env.SECRET,
    //   cookieName: "JSESSIONID",
    //   raw: true,
  },
  callbacks: {
    jwt(token, user, account, profile, isNewUser) {
      console.log("within jwt callback");
      if (account?.accessToken) {
        token.accessToken = account.accessToken;
      }
      console.log(token);
      return token;
    },
    session(session, token) {
      console.log("within session");
      session.user.accessToken = token.accessToken;
      console.log(session);
      return session;
    },
  },
});

None of the console.logs get triggered and my terminal and browser console show none of the print logs.
I am using Node 12.x.

What am I doing wrong?

Contributing 🙌🏽

No, I am afraid I cannot help regarding this

[balazsorban44]

could you try returning a static string (eg "quot-test" as the value of id in the profile callback?

the tokens are already available in the jwt callback, you don't have to pass them in the profile callback anyway.
check the account param

https://next-auth.js.org/configuration/callbacks#jwt-callback

[Kay2dan]

Thank you @balazsorban44 , however, none of the console logs within profile func (within provider) and within callbacks object get triggered.

Combing through the request logs in browser console :

POST http://localhost:9000/authenticate returns nothing in response. The request cookie has JSESSIONID & csrf token values along with redirect path.

GET http://localhost:3000/api/auth/session when called a short moment later, returns an empy JSON obj. The request cookie includes as above, a JSESSIONID & csrf token.

[balazsorban44]

as you mentioned a custom provider, I'm not sure we'll be able to help without a full reproduction.

[0ubbe]

You can use our templates in CodeSandbox to provide a full reproduction of the issue:

• JS Template
• TS Template
  Once done, we can create the account in Quot and try to reproduce 👍🏽

[carloschida]

Just from a quick glance, I see that the signature of your callbacks do not deconstruct the params. What I mean is that instead of

jwt(token, user, account, profile, isNewUser)

you should have

jwt({ token, user, account, profile, isNewUser })

[balazsorban44]

Depend son the version https://next-auth.js.org/getting-started/upgrade-v4#callbacks

[carloschida]

Yeah, my mistake. I started using NextAuth from v4 beta.

[Kay2dan]

Thank you for looking into this for me guys. Im not at that company anymore so I think this can be closed.