Session callback not firing even when the jwt callback is called with a token

[migdall]

I have followed the documentation and I am able to log in successfully and a few other people in my organization are able to log in successfully as well on the live site but there are several people who have access to their Microsoft Outlook accounts who are not signing in even though they are returning a token in the jwt callback and a user in the signIn callback.

[....nextauth].js

import NextAuth from 'next-auth';
import AzureADProvider from 'next-auth/providers/azure-ad';

export default NextAuth({
  // Configure one or more authentication providers
  providers: [
    AzureADProvider({
      clientId: process.env.AZURE_AD_CLIENT_ID,
      clientSecret: process.env.AZURE_AD_CLIENT_SECRET,
      tenantId: process.env.AZURE_AD_TENANT_ID,
    }),
  ],
  session: { jwt: true },
  callbacks: {
    async signIn({ user, account, profile, email, credentials }) {
      return true;
    },
    async redirect({ url, baseUrl }) {
      return url.startsWith(baseUrl) ? url : baseUrl;
    },
    async jwt({ token, account }) {
      if (account) {
        token.accessToken = account.access_token;
      }
      return token;
    },
    async session({ session, token, user }) {
      session.accessToken = token.accessToken;
      return session;
    },
  },
});

Here is how I am getting the session on the client side.
pages/donations/index.js

export default function Donations({ teams, campaigns }) {
  const { data: session } = useSession();
  ...
  if (session) {
    return (
      <div>
      </div>
    );
}

Both users get access tokens in the jwt but I see the session callback and the users who can't log in do not see the session callback. Any help would be appreciated. Thank you

[MA-Ghani]

@migdall I had the same issue as yours.
I have managed to fix the problem by simply reducing the size of data I was storing in my Jwt token before passing it to the Session. If some of the users have more data then they can run into this issue of not being able to sign in since Cookie size limit has reached.

Now rather than passing the entire user to session inside token, just pass the important needed info like Id, verified, etc.

I hope this helps you

[migdall]

Thank you for the answer. So would I just need to do this in the jwt callback?

import NextAuth from 'next-auth';
import AzureADProvider from 'next-auth/providers/azure-ad';

export default NextAuth({
  // Configure one or more authentication providers
  providers: [
    AzureADProvider({
      clientId: process.env.AZURE_AD_CLIENT_ID,
      clientSecret: process.env.AZURE_AD_CLIENT_SECRET,
      tenantId: process.env.AZURE_AD_TENANT_ID,
    }),
  ],
  session: { jwt: true },
  callbacks: {
    async signIn({ user, account, profile, email, credentials }) {
      return true;
    },
    async redirect({ url, baseUrl }) {
      return url.startsWith(baseUrl) ? url : baseUrl;
    },
    async jwt({ token, account }) {
      if (account) {
        let new_token;
        new_token.accessToken = account.access_token;
        return new_token;
      }
      return token;
    },
    async session({ session, token, user }) {
      session.accessToken = token.accessToken;
      return session;
    },
  },
});

[MA-Ghani]

@migdall Yes, you have to do it inside the JWT function. I'll show you how I did it.

My Old code

async jwt(token, data) {
        if (data) {
            token.accessToken = data.accessToken || data?.token;
            token.user = data?.user
        return token;
 } 

My new Code

async jwt(token, data) {
        if (data) {
            token.accessToken = data.accessToken || data?.token;
            // Set the values you need in the session
            token.user = {
                isVerified: data?.user?.isVerified,
                active: data?.user?.active,
                role: data?.user?.role,
                _id: data.user?._id,
                username: data?.user?.username,
            };
        }

        return token;
}

You can also reduce the amount of data sent by the backend on your login call. If you don't want to do that, just handle it on Auth-Next the way we discussed above.

[migdall]

Thank you I will try this and see if it works for my users.

[migdall]

Thank you for that answer @MA-Ghani that worked! The problem was that the user object's containing a profile picture were too large to pass to the token. Here is the content of my nextauth js file that works.

import NextAuth from 'next-auth';
import AzureADProvider from 'next-auth/providers/azure-ad';

export default NextAuth({
  // Configure one or more authentication providers
  providers: [
    AzureADProvider({
      clientId: process.env.AZURE_AD_CLIENT_ID,
      clientSecret: process.env.AZURE_AD_CLIENT_SECRET,
      tenantId: process.env.AZURE_AD_TENANT_ID,
    }),
  ],
  session: { jwt: true },
  callbacks: {
    async signIn({ user, account, profile, email, credentials }) {
      return true;
    },
    async redirect({ url, baseUrl }) {
      return url.startsWith(baseUrl) ? url : baseUrl;
    },
    async jwt({ token, user, account }) {
      if (user || account) {
        let new_token = {};
        new_token.access_token = account.access_token;
        new_token.user = { id: user.id, email: user.email, name: user.name };
        return new_token;
      }

      return token;
    },
    async session({ session, token }) {
      session.access_token = token.access_token;
      session.user = token.user;
      return session;
    },
  },
});

Thank you so much for your help everyone! I hope this helps people in the future.

[MA-Ghani]

@migdall I'm happy to help you. @balazsorban44 has posted an update that cookie chunking is on its way! Thats great news

[balazsorban44]

Update, cookie chunking is on the way! #3101 🎉

[milaabl]

Update, cookie chunking is on the way! #3101 🎉

That would be so amazing! I've been struffling with that too for 3 days. I'm happy I've found that discussion here! Thank you everyone!