Token is null when using credentials provider

[S7012MY]

When I call getToken in a pages/api file I always get null.

Also the jwt token doesn't look right. authorize returns an object also containing email and role, but those don't seem to appear when printing the token in the jwt callback.

I'm 99% sure it's a configuration issue, but I can't find it

[...nextauth].ts:

import NextAuth from "next-auth"
import CredentialsProvider from "next-auth/providers/credentials"

export default NextAuth({
  providers: [
    CredentialsProvider({
      id: 'credentials',
      name: 'Email',

      credentials: {
        mail: { label: "Email", type: "text" },
        password: {  label: "Password", type: "password" }
      },

      async authorize(credentials, req) {
        console.log("authorizing")
        const res = await fetch(process.env.SITE_URL + "/api/user/login", {
          method: 'POST',
          body: JSON.stringify(credentials),
          headers: { "Content-Type": "application/json" }
        })
        const userResponse = await res.json()

        if (res.status === 200) {
          const user = await JSON.parse(userResponse.user)
          return user
        }
        return null
      }
    }),
  ],
  callbacks: {
    async jwt({ token, account }) {
      console.log("jwt:")
      console.log(token)
      // prints:
      // jwt:
      // {
      //   name: 'Petru Trimbitas',
      //   iat: 1649090585,
      //   exp: 1651682585,
      //   jti: 'b9427004-b5f7-4743-b85c-9d0ab4a73198'
      // }
      return token
    }
  },
  secret: process.env.NEXTAUTH_SECRET,
  session: {
    strategy: "jwt",
    maxAge: 30 * 24 * 60 * 60,
  },
  jwt: {
    secret: process.env.JWT_SECRET,
  },
})

[rizchaerul]

The role and email are in user, not in token, here's my code

    callbacks: {
        async session({ session, token }) {
            return {
                ...session,
                token,
            };
        },
        async jwt({ token, user }) {
            if (user) {
                return user;
            }

            return token;
        },
    },

[S7012MY]

The documentation says the following:
If you return an object it will be persisted to the JSON Web Token and the user will be signed in, unless a custom signIn() callback is configured that subsequently rejects it.
so returning the user in authorize should be enough, or at least that's how I understand the documentation

[S7012MY]

Thanks a lot. So apparently I need to persist the data in the session and get it from there.