Miro custom provider breaks in v4

[efeichen]

Question 💬

I wrote a simple custom provider for Miro that worked smoothly in v3. However, after migrating to v4, I received an oauth_callback_error expected 200 OK, got: 500 Internal Server Error. I will attach my provider config below, but I'm looking for some pointers as to what might cause the oauth flow to break in the newer version? Or some tips how to debug? Thank you very much 🙏

Here's a stack trace of the error:

at processResponse (/Users/efeichen/Documents/Dev/smart-boards/node_modules/openid-client/lib/helpers/process_response.js:41:11)\n' +
      '    at Client.grant (/Users/efeichen/Documents/Dev/smart-boards/node_modules/openid-client/lib/client.js:1338:22)\n' +
      '    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n' +
      '    at async Client.oauthCallback (/Users/efeichen/Documents/Dev/smart-boards/node_modules/openid-client/lib/client.js:610:24)\n' +
      '    at async oAuthCallback (/Users/efeichen/Documents/Dev/smart-boards/node_modules/next-auth/core/lib/oauth/callback.js:114:16)\n' +
      '    at async Object.callback (/Users/efeichen/Documents/Dev/smart-boards/node_modules/next-auth/core/routes/callback.js:50:11)\n' +
      '    at async NextAuthHandler (/Users/efeichen/Documents/Dev/smart-boards/node_modules/next-auth/core/index.js:133:28)\n' +
      '    at async NextAuthNextHandler (/Users/efeichen/Documents/Dev/smart-boards/node_modules/next-auth/next/index.js:20:19)\n' +
      '    at async /Users/efeichen/Documents/Dev/smart-boards/node_modules/next-auth/next/index.js:56:32\n' +
      '    at async Object.apiResolver (/Users/efeichen/Documents/Dev/smart-boards/node_modules/next/dist/server/api-utils.js:102:9)',
    name: 'OPError'

How to reproduce ☕️

Below is my next-auth config. It's pretty straightforward except Miro also asks for clientId and clientSecret in the token URL.

To fully produce the issue, one might need to be on the Miro dev platform and make a Miro app.

export default NextAuth({
    providers: [
        {
            id: 'miro',
            name: 'Miro',
            type: 'oauth',
            version: '2.0',
            authorization: 'https://miro.com/oauth/authorize',
            token: 'https://api.miro.com/v1/oauth/token',
            userinfo: 'https://api.miro.com/v1/users/me',
            profile: (profile) => profile,
            clientId: process.env.MIRO_CLIENT_ID,
            clientSecret: process.env.MIRO_CLIENT_SECRET,
        },
    ],
    callbacks: {
        async jwt({ token, user, account }) {
            // Add accessToken to the token right after signin
            if (account?.accessToken) {
                token = {
                    accessToken: account.accessToken,
                    user: {
                        name: user.name,
                        email: user.email,
                        image: user.picture.imageUrl,
                    },
                };
            }

            return token;
        },

        async session({ session, token }) {
            session.accessToken = token.accessToken;
            session.user = token.user;

            return session;
        },
    },
    secret: process.env.NEXTAUTH_SECRET,
    debug: true,
});

Contributing 🙌🏽

Yes, I am willing to help answer this question in a PR

[ndom91]

Hey @efeichen, I double checked this and got the same results. Are we sure Miro didn't change any URLs?

[efeichen]

Hi @ndom91, circling back on this. I double-checked and that doesn't seem to be the case. Again, it seems like v3 of next-auth works perfectly but v4 breaks with an oauth_callback_error: expected 200 but returned 500 server error (OP error). Not sure if this is something I did on my end as the only change I made was changing how the config is written from v3 to v4.

Another observation I made is that I was able to successfully get the authorization code and state... so the only step left is to exchange the auth code for the access token.

Did the library change how it handles token requests?