Credentials Provider does not allow non-standard JSON in session user object #3420
Description 🐜

I implemented the Credentials Provider for the FLOW Wallet since OAuth does not work there, & then it wasn't adding the user in the session. I then tried the sample which worked! However any nested object I added did not show up which means the JSON User would only be one dimensional!

Here is the provider BEFORE:

```ts
CredentialsProvider({
  name: 'SAMPLE',
  type: 'credentials',
  credentials: {},
  authorize: async (credentials: any, req) => {
    const user = { id: 1, name: 'SAMPLE NAME', email: '[email protected]' };
    if (user) {
      // Any object returned will be saved in `user` property of the JWT
      return user;
    } else {
      // If you return null or false then the credentials will be rejected
      return null
      // You can also Reject this callback with an Error or with a URL:
      // throw new Error('error message') // Redirect to error page
      // throw '/path/to/redirect' // Redirect to a URL
    }
  }
})
```

Here is the provider AFTER:

```ts
CredentialsProvider({
  name: 'SAMPLE',
  type: 'credentials',
  credentials: {},
  authorize: async (credentials: any, req) => {
    const user = { id: 1, name: 'SAMPLE NAME', email: '[email protected]', userProfile: { id: 2, username: 'abc' } };
    if (user) {
      // Any object returned will be saved in `user` property of the JWT
      return user;
    } else {
      // If you return null or false then the credentials will be rejected
      return null
      // You can also Reject this callback with an Error or with a URL:
      // throw new Error('error message') // Redirect to error page
      // throw '/path/to/redirect' // Redirect to a URL
    }
  }
})
```

Here is what useSession returns in the session variable

Is this a bug in your own project? No

How to reproduce ☕️

Screenshots / Logs 📽

Environment 🖥 System:

Contributing 🙌🏽 Yes, I am willing to help solve this bug in a PR
Replies: 7 comments
Here is my logging code, the user is defined in the JWT callback but not the session callback. In the credentials provider doc, it states that you need JWT enabled, so I'm assuming I can manually do it using the token.user object. In the docs, it states that what you return will be used (it says JWT token). So is it safe to assume that the credentials user is not valid in the session?
This is an error I receive when I try to assign the token user to the session user. The session user seems to have a particular type to follow. This is not clear in the documentation. Is the session user standardized?
Any updates?
Yes, by default, a user in session contains only `name`, `email` and `image` properties. The session also has an `expires` property. It's not a bug, and it's documented here: https://next-auth.js.org/configuration/callbacks#session-callback

How to accomplish what you are trying to do is explained in this discussion: #2762 (reply in thread)
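
An added example, not part of the original thread and not NextAuth's own code: the session-callback mechanism the answer points to, written as `jwt` and `session` callbacks that carry the nested `userProfile` from `authorize()` into the session. `simulateSession`, `internalNote` and the sample email are assumptions made here so the flow runs offline; because the session object is sent to the browser, the callbacks copy an allowlist of fields rather than the whole user object.

```javascript
// Constructed sample: what the AFTER provider's authorize() returns, plus one
// field (internalNote) that must never reach the browser.
const authorizedUser = {
  id: 1,
  name: 'SAMPLE NAME',
  email: 'sample@example.com',
  userProfile: { id: 2, username: 'abc' },
  internalNote: 'server-side only',
};

// Callbacks in the shape NextAuth v4 accepts under `callbacks` in its options.
const callbacks = {
  // `user` is only present on the sign-in call; later calls carry the token alone.
  jwt({ token, user }) {
    if (user && user.userProfile) {
      // Copy an explicit allowlist of fields, not the whole user object.
      const { id, username } = user.userProfile;
      token.userProfile = { id, username };
    }
    return token;
  },
  // The returned object is what useSession() receives on the client.
  session({ session, token }) {
    if (token.userProfile) session.user.userProfile = token.userProfile;
    return session;
  },
};

// Hypothetical, simplified stand-in for NextAuth's JWT session flow so the
// example runs offline. Real callbacks may be async; these are sync for brevity.
function simulateSession(user, cbs) {
  let token = { name: user.name, email: user.email, picture: user.image, sub: String(user.id) };
  if (cbs.jwt) token = cbs.jwt({ token, user }); // sign-in: `user` is passed
  if (cbs.jwt) token = cbs.jwt({ token });       // later request: token only
  const session = {
    user: { name: token.name, email: token.email, image: token.picture },
    expires: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString(),
  };
  return cbs.session ? cbs.session({ session, token }) : session;
}

console.log(simulateSession(authorizedUser, {}).user);        // defaults only
console.log(simulateSession(authorizedUser, callbacks).user); // adds userProfile
```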