How to use getToken correctly after Next.js 12.2.0

[p-null]

Hi,

I used to rely on getToken to check if a user is logged in: If they are not, then redirect to login page welcome/auth:

import { getToken } from "next-auth/jwt";
import { NextResponse } from "next/server";
const PUBLIC_FILE = /\.(.*)$/;

/** @param {import("next/server").NextRequest} req */
export async function middleware(req) {
    const { pathname } = req.nextUrl;

    if (
        !(
            (
                PUBLIC_FILE.test(pathname) || // exclude all files in the public folder
                pathname.startsWith("/api") || //  exclude all API routes
                pathname.includes("auth") ||
                pathname.includes("_next") ||
                pathname.startsWith("/static") // exclude static files
            ) 
        )
    ) {
        const session = await getToken({
            req,
            secret: process.env.NEXTAUTH_SECRET,
            secureCookie:
                process.env.NODE_ENV === "production" ||
                process.env.NODE_ENV === "preview",
        });

        const url = req.nextUrl.clone();
        url.pathname = "/welcome/auth";

        if (!session) return NextResponse.redirect(url);

    }
}

I would like to protect all pages except the login page welcome/auth.

But now I found, even after a user is logged in, the session here is still null. I have read next.js and next-auth release notes, I might be missing something. Could someone remind me what is wrong?

Thanks in advance!

[mwerder]

Hey there, did you find a solution?
I am running into the exact same problem. Since I upgraded next and had to move the middleware file from _/pages/middleware.ts
to /middleware.ts getToken() always returns null

[mwerder]

[email protected] seems to have fixed it! as mentioned here
worked for me!