How do I manually add values to session token?

[dbeaudway]

How can I manually add values to the server-side token or session, outside of using an auth method?

Scenario:

• I'm using the Strava provider as primary login to the app
• I've created a separate auth flow (outside of next-auth) so logged in users can access their Spotify songs
• I want to save the Spotify access & refresh tokens in the next-auth session

I've tried doing this with something like:

// ...already retrieved Spotify tokens
const token = await getToken({ req, secret })
token['spotify'] = spotifyTokens

When I read the token value in future API calls the Spotify values don't exist?

It's not clear to me how to use the callbacks to save this value either -- because those are triggered when using next-auth login flow?

[balazsorban44]

You should not modify the token outside NextAuth.js, as you lose a good deal of security benefits, and kind of destroy the purpose of using NextAuth.js

You should only modify the session inside NextAuth.js, using the provided methods. The jwt or session callback sounds like the right place in your case.

Although we currently don't support persisting sessions between providers with the JWT strategy default. #2988

If you use a database, you can fetch multiple accounts in the session callback. The only requirement is that you connect accounts using the same e-mail address. (both Strava and Spotify should be logged into with the same e-mail)