Next-auth: Json Web Token on /api/examples/jwt returns null

Created on 30 Aug 2020 · 7 Comments · Source: nextauthjs/next-auth

Your question
How to make /api/examples/jwt not return null

What are you trying to do
I followed the steps to run the example application available at: https://github.com/nextauthjs/next-auth-example

I was trying to use Credentials Provider as documented at: https://next-auth.js.org/providers/credentials

As far as I understand, when we are not providing a database configuration option, JWT will be used by default.

When I run the app I am able to get the session data from the http://localhost:3000/api-example page, but not the JSON Web Token data, which returns null.

Am I missing something?

Awesome lib btw.

Feedback
Documentation refers to searching through online documentation, code comments and issue history. The example project refers to next-auth-example.

  • [ ] Found the documentation helpful
  • [x] Found documentation but was incomplete
  • [x] Could not find relevant documentation
  • [ ] Found the example project helpful
  • [ ] Did not find the example project helpful

All 7 comments

Yes, if you do not specify a database it will use JWT by default.

To decode a JWT you will need to define an application secret and pass it to getToken() as in the example project.

NextAuth.js generates keys for JWT automatically using the secret value as a seed. It will generate a key automatically at startup if you don't specify one explicitly, which is fine but then only NextAuth.js routes will be able to read the token.

With Serverless, all API endpoints run in isolated processes, so if you need to access the key from an API endpoint, you need to pass the secret value to getToken() so it can use the same mechanism to generate a key from a seed.

Trying to decrypt and getting back null as well

    const options = {
      providers: [
        Providers.GitHub({
          clientId: process.env.GITHUB_ID,
          clientSecret: process.env.GITHUB_SECRET,
        }),
      ],
      session: {
        jwt: true,
      },
      secret: process.env.SECRET,
      jwt: {
        secret: process.env.SECRET,
        encryption: true,
      },
    };

and trying to decode like this

    const token = await jwt.getToken({
      req,
      secret,
      raw: false,
      secureCookie: true,
    });
    console.log("JSON Web Token", token);

I get back null with encryption on but everything else seems to work. If I turn encryption off I get back a valid JWT with raw:true

Changed to

    const token = await jwt.getToken({
      req,
      secret,
      encryption: true,
    });

now it works

I am facing the same problem.

    jwt: {
      // A secret to use for key generation (you should set this explicitly)
      secret: process.env.SECRET,

      // Set to true to use encryption (default: false)
      // encryption: true,

      // You can define your own encode/decode functions for signing and encryption
      // if you want to override the default behaviour.
      // encode: async ({ secret, token, maxAge }) => {},
      // decode: async ({ secret, token, maxAge }) => {},
    },

Getting it like -

    import jwt from "next-auth/jwt"

    const secret = process.env.SECRET

    export default async (req, res) => {
      const token = await jwt.getToken({ req, secret })
      res.send(JSON.stringify(token, null, 2))
    }

And I am getting back the token as null. I don't understand what I am missing.

I am having success with the following setup:

    # environment variables
    JWT_SECRET="..."
    JWT_SIGNING_KEY={"kty":"oct","kid":"...","alg":"HS512","k":"..."}

    // NextAuth options
    jwt: {
      signingKey: process.env.JWT_SIGNING_KEY,
      secret: process.env.JWT_SECRET,
    }

    // API route
    jwt.getToken({ req, secret, signingKey })

I was having the same issue as everyone above. In the end, what I found out is that if you set encryption to true in the jwt object as such:

    jwt: {
      secret: process.env.JWT_SECRET,
      encryption: true
    },

You need to set the parameter encryption: true in the getToken helper as such:

    import type { NextApiRequest, NextApiResponse } from "next"
    import jwt from "next-auth/jwt"

    const secret: string = process.env.JWT_SECRET

    export default async (req: NextApiRequest, res: NextApiResponse) => {
        const token = await jwt.getToken({ req, secret, encryption: true })
    }
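Why the reader gets null when its options differ from the issuer's, as an added example that is not part of the thread and is not next-auth's code: a simplified Node.js model in which both sides derive their keys from the shared secret, so a reader without the same secret or the same encryption setting cannot decode the token. HKDF, HMAC-SHA512, AES-256-GCM, the key labels, the `enc` prefix and the functions `encode`, `decode` and `demo` are assumptions made for the illustration.

```javascript
// Simplified model of the thread's behaviour; NOT next-auth's implementation.
const crypto = require("crypto");
const b64 = (data) => Buffer.from(data).toString("base64url");
const unb64 = (text) => Buffer.from(text, "base64url");
// Both sides derive keys from the secret "seed" (HKDF and labels are assumptions).
const deriveKey = (secret, label, len) => Buffer.from(crypto.hkdfSync("sha256", secret, "", label, len));
const hmac = (secret, body) =>
  crypto.createHmac("sha512", deriveKey(secret, "signing", 64)).update(body).digest();

// Issuer side: sign the claims, then optionally encrypt the signed token.
function encode({ token, secret, encryption = false }) {
  const body = b64(JSON.stringify(token));
  const signed = `${body}.${b64(hmac(secret, body))}`;
  if (!encryption) return signed;
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", deriveKey(secret, "encryption", 32), iv);
  const ct = Buffer.concat([c.update(signed), c.final()]);
  return ["enc", b64(iv), b64(ct), b64(c.getAuthTag())].join(".");
}

// Reader side (stand-in for a getToken-style helper): null on any mismatch.
function decode({ token, secret, encryption = false }) {
  try {
    let signed = token;
    if (encryption) {
      const [tag, iv, ct, auth] = token.split(".");
      if (tag !== "enc") return null; // token was issued unencrypted
      const d = crypto.createDecipheriv("aes-256-gcm", deriveKey(secret, "encryption", 32), unb64(iv));
      d.setAuthTag(unb64(auth));
      signed = Buffer.concat([d.update(unb64(ct)), d.final()]).toString();
    }
    const [body, sig] = signed.split(".");
    const got = unb64(sig || ""), expected = hmac(secret, body);
    if (got.length !== expected.length || !crypto.timingSafeEqual(got, expected)) return null;
    return JSON.parse(unb64(body).toString());
  } catch {
    return null; // wrong key, failed auth tag, or malformed token
  }
}

// Constructed scenario: the auth route issues an encrypted token; three readers try it.
function demo() {
  const secret = "constructed-app-secret";
  const cookie = encode({ token: { name: "alice" }, secret, encryption: true });
  return {
    noSharedSecret: decode({ token: cookie, secret: crypto.randomBytes(32).toString("hex"), encryption: true }),
    flagMissing: decode({ token: cookie, secret }),
    matching: decode({ token: cookie, secret, encryption: true }),
  };
}
```
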

Hey, guys! This article helped me: https://flaviocopes.com/nextjs-cookies/
