Open
Labels
triage: Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.
Description
What is the improvement or update you wish to see?
Note on id in the JWT Token (Extending The Session)
In the official Auth.js documentation under Extending The Session, the example shows saving an id property to the JWT token inside the jwt callback. However, this id is not the unique user ID from the OAuth provider. Instead, it is an internally randomly generated ID. This can cause confusion because the documentation doesn't clarify this and I assumed the id would be dependent on the OAuth account.
Is there any context that might help us understand?
The code in the callback which adds the id to the user object
(node_modules/@auth/core/lib/actions/callback/oauth/callback.js):
```js
export async function getUserAndAccount(OAuthProfile, provider, tokens, logger) {
  try {
    const userFromProfile = await provider.profile(OAuthProfile, tokens);
    const user = {
      ...userFromProfile,
      // The user's id is intentionally not set based on the profile id, as
      // the user should remain independent of the provider and the profile id
      // is saved on the Account already, as `providerAccountId`.
      id: crypto.randomUUID(),
      email: userFromProfile.email?.toLowerCase(),
    };
    return {
      user,
      account: {
        ...tokens,
        provider: provider.id,
        type: provider.type,
        providerAccountId: userFromProfile.id ?? crypto.randomUUID(),
      },
    }
  } catch (e) {
    // Error handling is not shown in this excerpt.
  }
}
```
Does the docs page already exist? Please link to it.
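An added example, not part of the issue and not code from Auth.js: callbacks in the shape of `callbacks.jwt` and `callbacks.session` that keep the provider-scoped identifier from `account` next to the generated `user.id`, run against a constructed stand-in for the excerpt above. It assumes no database adapter replaces the user object before the callback runs; `randomId`, `simulateSignIn`, `demo`, the `subject` field and the sample profile are hypothetical names and values.

```javascript
// Harness stand-in for crypto.randomUUID() so the demo needs no imports.
const randomId = () =>
  globalThis.crypto?.randomUUID?.() ?? `sim-${Math.random().toString(36).slice(2)}`;

const callbacks = {
  // `user` and `account` are only present on sign-in; later calls receive `token` alone.
  jwt({ token, user, account }) {
    if (user) token.id = user.id; // generated id from the excerpt, not the provider's id
    if (account) {
      token.provider = account.provider;
      token.providerAccountId = account.providerAccountId; // provider's own id for the account
    }
    return token;
  },
  session({ session, token }) {
    session.user.id = token.id;
    // Scope the provider id by provider name: two providers can issue the same id value.
    session.user.subject = `${token.provider}:${token.providerAccountId}`;
    return session;
  },
};

// Constructed stand-in for the excerpt's getUserAndAccount(): same id logic, no network.
function simulateSignIn(providerId, profile) {
  const user = { ...profile, id: randomId(), email: profile.email?.toLowerCase() };
  const account = {
    provider: providerId,
    type: "oauth",
    providerAccountId: profile.id ?? randomId(), // also random if the profile has no id
  };
  const token = callbacks.jwt({ token: { email: user.email }, user, account });
  return callbacks.session({ session: { user: { email: user.email } }, token });
}

// Constructed sample: the same provider account signing in twice.
function demo() {
  const profile = { id: "1234567", email: "Dev@Example.com" };
  const first = simulateSignIn("github", profile);
  const second = simulateSignIn("github", profile);
  return {
    idStable: first.user.id === second.user.id,
    subjectStable: first.user.subject === second.user.subject,
    subject: first.user.subject,
  };
}

console.log(demo());
```

Anything used for authorization or for linking stored records to a person should key on the provider-scoped value, since under the stated assumption `id` differs on every sign-in.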