No session is returned after Credentials login

[leo-petrucci]

I'm not sure if this is a bug or if I'm just using this wrong, so please bear with me.

I'm trying to integrate my Next.js app with a pre-existing database.

    "next": "^12.1.0",
    "next-auth": "^4.2.1",
    "@next-auth/prisma-adapter": "^1.0.1",
    "prisma": "^3.10.0",
    "@prisma/client": "^3.10.0",

1. The database contains a bunch of user accounts
2. I want to use the credentials provider to log-in existing users with these accounts
3. I want to use Next Auth for all new accounts

This is how my [...nextauth].ts looks:

import NextAuth from "next-auth";
import CredentialsProvider from "next-auth/providers/credentials";
import nodemailer from "nodemailer";
import { PrismaAdapter } from "@next-auth/prisma-adapter";
import prisma from "_lib/client";

export default NextAuth({
  providers: [
    CredentialsProvider({
      name: "Credentials",
      credentials: {
        username: { label: "Username", type: "text", placeholder: "jsmith" },
        password: { label: "Password", type: "password" },
      },
      async authorize(credentials, req) {
        const res = await fetch(`${process.env.NEXTAUTH_URL}/api/login`, {
          method: "POST",
          body: JSON.stringify(credentials),
          headers: { "Content-Type": "application/json" },
        });
        const user = await res.json();

        if (res.ok && user) {
          console.log("returing data");
          console.log({ user });
          return user;
        }
        return null;
      },
    }),
  ],
  adapter: PrismaAdapter(prisma),
});

I've tested that my login endpoint works on its own.

When I try to login this is what happens:

1. I input username and password
2. Next Auth hits my /login endpoint
3. Data is returned to Next Auth
4. The following is ran and console logged

          console.log("returing data");
          console.log({ user });
          return user;

5. I get redirected to my homepage
6. const { data: session } = useSession(); returns null rather than undefined

My Prisma schema contains the suggested models as well as a model for my old users table:

model core_members {
  member_id                 Int     @id
  name                      String  @default("") @db.VarChar(255)
  member_group_id           Int     @default(0) @db.SmallInt
  email                     String  @default("") @db.VarChar(150)
  joined                    Int     @default(0)
  ip_address                String  @default("") @db.VarChar(46)
  allow_admin_mails         String? @default(dbgenerated("'0'::\"bit\"")) @db.VarBit(1)
  skin                      Int?    @db.SmallInt
  warn_level                Int?
  warn_lastwarn             Int     @default(0)
  language                  Int?
  restrict_post             Int     @default(0)
  bday_day                  Int?
  bday_month                Int?
  bday_year                 Int?
  msg_count_new             Int     @default(0)
  msg_count_total           Int     @default(0)
  msg_count_reset           Int     @default(0)
  msg_show_notification     Int     @default(0)
  misc                      String? @db.VarChar(128)
  last_visit                Int?    @default(0)
  last_activity             Int?    @default(0)
  mod_posts                 Int     @default(0)
  auto_track                String? @default("0") @db.VarChar(256)
  temp_ban                  Int?    @default(0)
  mgroup_others             String  @default("") @db.VarChar(245)
  member_login_key_expire   Int     @default(0)
  has_blog                  String?
  has_gallery               Int     @default(0) @db.SmallInt
  members_seo_name          String  @default("") @db.VarChar(255)
  members_cache             String?
  members_disable_pm        Int     @default(0)
  failed_logins             String?
  failed_login_count        Int     @default(0) @db.SmallInt
  members_profile_views     BigInt  @default(0)
  members_pass_hash         String? @db.VarChar(255)
  members_pass_salt         String? @db.VarChar(22)
  members_bitoptions        BigInt  @default(0)
  members_day_posts         String  @default("0,0") @db.VarChar(32)
  notification_cnt          Int     @default(0)
  conv_password             String? @db.VarChar(128)
  blogs_recache             Int?    @db.SmallInt
  shoutbox_shouts           BigInt  @default(0)
  steamid                   String? @db.VarChar(17)
  pp_last_visitors          String?
  pp_main_photo             String?
  pp_main_width             Int?
  pp_main_height            Int?
  pp_thumb_photo            String?
  pp_thumb_width            Int?
  pp_thumb_height           Int?
  pp_setting_count_comments Int?
  pp_reputation_points      Int?
  pp_photo_type             String? @db.VarChar(20)
  signature                 String?
  pconversation_filters     String?
  pp_customization          String?
  timezone                  String? @db.VarChar(64)
  pp_cover_photo            String  @default("") @db.VarChar(255)
  profilesync               String?
  profilesync_lastsync      Int     @default(0)
  members_bitoptions2       BigInt  @default(0)
  create_menu               String?
  marked_site_read          BigInt? @default(0)
  pp_cover_offset           Int     @default(0)
  acp_skin                  Int?    @db.SmallInt
  acp_language              Int?
  member_title              String? @db.VarChar(64)
  member_posts              Int     @default(0)
  member_last_post          Int?
  member_streams            String?
  photo_last_update         Int?
  pp_setting_count_visitors Int     @default(0) @db.SmallInt
  idm_block_submissions     Int?    @default(0)
  is_tapatalk_member        String? @default(dbgenerated("'0'::\"bit\"")) @db.VarBit(1)
  failed_mfa_attempts       Int?    @default(0)
  mfa_details               String?
  permission_array          String?
  completed                 String  @default(dbgenerated("'0'::\"bit\"")) @db.VarBit(1)
  member_welcome            Int?    @default(0) @db.SmallInt

  @@index([allow_admin_mails], map: "public_core_members_allow_admin_mails9_idx")
  @@index([bday_day], map: "public_core_members_bday_day0_idx")
  @@index([bday_month], map: "public_core_members_bday_month1_idx")
  @@index([completed, temp_ban], map: "public_core_members_completed14_idx")
  @@index([email], map: "public_core_members_email6_idx")
  @@index([failed_login_count], map: "public_core_members_failed_login_count4_idx")
  @@index([ip_address], map: "public_core_members_ip_address3_idx")
  @@index([joined], map: "public_core_members_joined5_idx")
  @@index([last_activity], map: "public_core_members_last_activity13_idx")
  @@index([member_group_id, mgroup_others], map: "public_core_members_member_group_id7_idx")
  @@index([member_id, member_group_id], map: "public_core_members_member_id8_idx")
  @@index([members_bitoptions], map: "public_core_members_members_bitoptions2_idx")
  @@index([mod_posts], map: "public_core_members_mod_posts10_idx")
  @@index([name], map: "public_core_members_name12_idx")
  @@index([photo_last_update], map: "public_core_members_photo_last_update11_idx")
  @@index([profilesync_lastsync, profilesync], map: "public_core_members_profilesync_lastsync15_idx")
}

I'm not returning a lot from my /login endpoint, could that be it?

I tried console logging the data returned by the jwt() callback and this is what I got:

{
  token: {
    name: '<My username>',
    email: '<My email>',
    picture: undefined,
    sub: undefined
  },
  account: {
    providerAccountId: undefined,
    type: 'credentials',
    provider: 'credentials'
  }
}

Is there data that Next Auth always expects to be returned from the login endpoint?

I can see that the Credentials docs page says:

The Credentials provider can only be used if JSON Web Tokens are enabled for sessions. Users authenticated with the Credentials provider are not persisted in the database.

Does it mean that I need to specifically set:

session: {
  strategy: "jwt",
}

How does this interfere with other login options that do work with the database?

[leo-petrucci]

So obviously as soon as I posted this I found a solution. Apparently when using credentials you need to manually encode/decode your JWT.

  session: {
    strategy: "jwt",
  },
  jwt: {
    async encode({ token }) {
      return jwt.sign(token as {}, process.env.JWT_SECRET!);
    },
    async decode({ token }) {
      return jwt.verify(token!, process.env.JWT_SECRET!) as JWT;
    },
  },

Specifying the session strategy is also required.

[stgogm]

Thank you. Spent a lot of hours on this.

Now you can just use next-auth/jwt methods like this:

// ...
import { encode, decode } from 'next-auth/jwt';
// ...

const options: AuthOptions = {
  adapter,
  session: {
    strategy: 'jwt',
  },
  jwt: { encode, decode },
  providers: [
    CredentialsProvider({
      //...
    }),
  ],
};

[Eugene-Mokrushin]

MEGA bump
thanks a lot, finaly a proper solution

[abibring]

This was a LIFESAVER! Thank you for this solution!

[mwarnerdotme]

Thank you! I've been working on this for hours now, trying to make a custom wrapper provider and begging to understand why the default SessionProvider has this "bug". Can you explain why this works?

[ak800i]

What about when we are using database sessions?

[isaac-svg]

Thanks.
I knew I wasn't doing something right.