Next-auth: How can I extend the session object to use it with my ExpressJS API?

Created on 20 Jul 2020 · 5 Comments · Source: nextauthjs/next-auth

Please refer to the documentation, the example project and existing issues before creating a new issue.

Your question
Hi @iaincollins first of all thank you for this wonderful next-auth library, it's a fantastic library. I have one question though, currently the session object is

expires: string
user: {
  email: string;
  image: string;
  name: string;
}

Now what I want to do is to change the user object to my own liking. Basically the flow would be:

  • User signs-in (via Facebook or Google)
  • On the callbacks of next-auth, call my ExpressJS API to register this user (with their Profile)
  • And fetch the User object of my ExpressJS API, then modify the session object on useSession to my own liking

I just want to ask, is this achievable on the current next-auth library? I'm trying to read the docs and I can't find anything that lets me extend the session object. Thanks

What are you trying to do
To extend my session object based on my ExpressJS API call

Documentation feedback
Documentation refers to searching through online documentation, code comments and issue history. The example project refers to next-auth-example.

  • [ ] Found the documentation helpful
  • [ ] Found documentation but was incomplete
  • [x] Could not find relevant documentation
  • [ ] Found the example project helpful
  • [ ] Did not find the example project helpful
question stale

All 5 comments

Hi there!

This is a really interesting question and I'm not quite sure I have a full answer for you without asking for some more detail, but I would like to explore it with you.

Note: I'm going to link to the v3 beta documentation below, as it's the most up-to-date.

  • The Session Callback allows you to customise what gets returned in the session object.
    i.e. What is returned from /api/auth/session when signed in
    NB: This is the endpoint called by useSession() and getSession().
  • The Sign In Callback lets you do something every time a user is signed in (you can also use the Sign In Event).

Using this combination might be enough.

However, what MIGHT be missing is that you probably need the User ID exposed to be able to tie two different databases together. In the v3 beta we are not currently passing the User ID to the Session callback or storing it in the JSON Web Token (if that is enabled). I think this is something we should address before we release v3.

I'd be interested to know if this explanation makes sense to you, and if it addresses your scenario.

I see, so on the Signin callback, I can do a request on my Express backend to register the user, then modify my session object on that callback, right? I saw the type of return is boolean | object. Does this modify the session object? Thanks!

@johnfrades Yikes! I'm sorry that documentation was wrong (thank you for highlighting that, I've just corrected it).

The signIn() callback can actually only be a boolean currently. In future it will be possible to reject it and return an error / URL to redirect to, but that's currently all this callback is for (just for allowing or denying access).

NextAuth.js doesn't - currently - provide session object storage, you can only use the session() callback to return data, but you can plug in your own logic there if you want.

I suspect to support your scenario, and similar situations other people have, that either the signIn() or session() callback need to pass additional data, for example to ensure you passed the User ID in session() callback.

IIRC it is only possible to pass if using JWT sessions to store it right now - that seems like a limitation we should address by changing what arguments are passed to the callback functions to at least include a User ID.

However I am not 100% sure this would even solve your issue. I'll have a think about what we could do in this scenario. Somehow supporting returning a user / profile object of some kind from the sign in function would be one option.
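
An added sketch of the flow discussed in this thread, not part of the original comments and not NextAuth.js code: signIn() only allows or denies (failing closed if the backend call fails), and session() copies an allow-list of backend fields into the session, since whatever it returns is sent to the browser from /api/auth/session. The callback argument shapes, `createCallbacks`, the `backend` client and its field names are assumptions; users are matched by email because the thread notes the User ID is not passed to the callback.

```javascript
// Added example: `createCallbacks`, `backend` and the field names are hypothetical.
// Callback argument shapes are assumed from the thread, not taken from the library.
const PUBLIC_FIELDS = ['id', 'role', 'displayName']; // only these reach the browser

function createCallbacks(backend) {
  return {
    // signIn() can only allow or deny, so register the user and fail closed.
    async signIn(user, account, profile) {
      if (!user || !user.email) return false;
      try {
        await backend.registerUser({ email: user.email, name: user.name });
        return true;
      } catch (err) {
        return false; // backend unreachable or rejected the user: deny sign-in
      }
    },
    // session() shapes what /api/auth/session (and so useSession()) returns.
    async session(session) {
      const email = session && session.user && session.user.email;
      if (!email) return session;
      let record = null;
      try {
        record = await backend.findUserByEmail(email);
      } catch (err) {
        return session; // keep the default session rather than a partial one
      }
      if (!record) return session;
      const extra = {};
      for (const key of PUBLIC_FIELDS) {
        if (key in record) extra[key] = record[key];
      }
      return { ...session, user: { ...session.user, ...extra } };
    },
  };
}

// Constructed in-memory stand-in for the ExpressJS API (sample data, not real).
function createFakeBackend() {
  const users = new Map();
  return {
    async registerUser({ email, name }) {
      if (!users.has(email)) {
        users.set(email, { id: users.size + 1, email, displayName: name, role: 'member', apiToken: 'constructed-secret' });
      }
      return users.get(email);
    },
    async findUserByEmail(email) { return users.get(email) || null; },
  };
}
```

The object returned by `createCallbacks(...)` would be supplied as the `callbacks` option, with `backend` replaced by a real client for the ExpressJS API.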

Hi there! It looks like this issue hasn't had any activity for a while. It will be closed if no further activity occurs. If you think your issue is still relevant, feel free to comment on it to keep it open. Thanks!

Hi there! It looks like this issue hasn't had any activity for a while. To keep things tidy, I am going to close this issue for now. If you think your issue is still relevant, just leave a comment and I will reopen it. (Read more at #912) Thanks!
