JWT not working

[akashshyamdev]

Hey guys,

I'm using the following setup in [...nextauth]:

import clientPromise from "@middleware/mongodb";
import { MongoDBAdapter } from "@next-auth/mongodb-adapter";
import NextAuth from "next-auth";
import FacebookProvider from "next-auth/providers/facebook";
import GoogleProvider from "next-auth/providers/google";
import TwitterProvider from "next-auth/providers/twitter";

export default NextAuth({
  adapter: MongoDBAdapter({
    db: (await clientPromise).db("dev"),
  }),
  providers: [
    FacebookProvider({
      clientId: process.env.FACEBOOK_CLIENT_ID,
      clientSecret: process.env.FACEBOOK_CLIENT_SECRET,
    }),
    GoogleProvider({
      clientId: process.env.GOOGLE_CLIENT_ID,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
    }),
    TwitterProvider({
      clientId: process.env.TWITTER_CLIENT_ID,
      clientSecret: process.env.TWITTER_CLIENT_SECRET,
    }),
  ],
  callbacks: {
    async session({ session, token, user }) {
      console.log("session", session);
      console.log("user", user);
      console.log("token", token);

      session.id = user?.id;
      session.accessToken = token.accessToken;

      return session;
    },
  },
  secret: process.env.JWT_SECRET,
  session: {
    jwt: true,
  },
});

But for some reason, I don't get(in the frontend) a JWT token(a string) but instead an object containing {user: {name, email, image}, expires: Date}. All I want is the user's _ID(mongodb default unique ID) inside the session/JWT token. Am I missing something here?

[balazsorban44]

https://next-auth.js.org/configuration/callbacks#jwt-callback

https://next-auth.js.org/configuration/options#session

[akashshyamdev]

Also, using a JWT with a session sort of defeats the point of a JWT, which is storing the user's auth state on the client instead of the server.

[balazsorban44]

yes, as shown above.

when using a jwt session (not a database persisted one), the token's content is determined by what you return in the jwt callback. the session received in the client is only a subset of that by default, for privacy/security reasons. if you absolutely need the ID client side, you can return that as well.

[balazsorban44]

you CAN use a database persisted session, just drop the session.jwt true config. When using an adapter, the default is to store the session in the database

[akashshyamdev]

Ok I've understood this, thanks a lot for your help! Are there any pending issues for me to help with? Also, I think there should be examples with typescript too. Secondly, how can I access the user in the jwt callback on signup? Finally, how can I extend session.user to add a id with typescript?

[balazsorban44]

Feel free to suggest docs changes if you think you could improve it. You can open a PR to https://github.com/nextauthjs/docs

We have TS docs at https://next-auth.js.org/getting-started/typescript#module-augmentation